CVE-2019-3400Cross-site Scripting in Atlassian Jira

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 40.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian JiraAtlassian Jira Server
Timeline
PublishedMay 3
Latest updateMay 24

Description

The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5atlassian/jiraunspecified7.13.2+2
NVDatlassian/jira_server8.0.08.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-hj8f-vg5g-xqx5: The labels gadget in Jira before version 72022-05-24
CVEList
CVE-2019-3400: The labels gadget in Jira before version 72019-05-03
CVE-2019-3400 — Cross-site Scripting in Atlassian Jira | cvebase