CVE-2019-8450: Cross-site Scripting in Atlassian Jira

Severity: 4.8 MEDIUM (NVD)
EPSS: 0.2% (top 53.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 11 | Latest update May 24

Description

Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0, allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the name of a custom field.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | atlassian/jira | unspecified | 7.13.6 | +2
NVD | atlassian/jira_server | 7.13.0 | 7.13.6 | +1

Vulnerability Details (3)

GHSA | GHSA-wgx3-89qx-v29j: Various templates of the Optimization plugin in Jira before version 7 | 2022-05-24
OSV | squid, squid3 vulnerabilities | 2020-02-20
CVEList | CVE-2019-8450: Various templates of the Optimization plugin in Jira before version 7 | 2019-09-11
CVE-2019-8450 — Cross-site Scripting in Atlassian Jira | cvebase