CVE-2018-5227

Severity: 4.8 MEDIUM
EPSS: 0.2% (top 63.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 10; Latest update May 14

Description

Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | atlassian/atlassian_application_links | unspecified | 5.4.4

Vulnerability Details (2)

GHSA (2022-05-14)
GHSA-2v2m-7p9m-5v4v: Various administrative application link resources in Atlassian Application Links before version 5

CVEList (2018-04-10)
CVE-2018-5227: Various administrative application link resources in Atlassian Application Links before version 5
CVE-2018-5227 (MEDIUM CVSS 4.8) | Various administrative application | cvebase.io