Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-5230: Cross-site Scripting in Atlassian Jira

Severity: 6.1 MEDIUM (NVD)
EPSS: 22.7% (top 4.12%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: May 14
Latest update: May 13

Description

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

CVEListV5 | atlassian/jira | unspecified | 7.6.6 | +6
NVD | atlassian/jira | < 7.6.6
NVD | atlassian/jira_server | 7.7.0 | 7.7.4 | +2

🔴 Vulnerability Details (2)

GHSA: GHSA-7cw6-37m4-4r8g: The issue collector in Atlassian Jira before version 7 (2022-05-13)
CVEList: CVE-2018-5230: The issue collector in Atlassian Jira before version 7 (2018-05-14)

💥 Exploits & PoCs (1)

Nuclei: Atlassian Jira Confluence - Cross-Site Scripting

🕵️ Threat Intelligence (2)

Recorded Future: Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
Greynoiseio: NoiseLetter September 2024

💬 Community (2)

HackerOne: Reflected XSS through multiple inputs in the issue collector on Jira (2020-03-24)
HackerOne: Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com (2020-02-24)