CVE-2022-36801

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
2.8%
top 13.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Jira Data CenterAtlassian Jira Server
Timeline
PublishedAug 10
Latest updateAug 11

Description

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

CVEListV5atlassian/jira_data_centerunspecified8.20.8
CVEListV5atlassian/jira_serverunspecified8.20.8
NVDatlassian/jira_server< 8.20.8

🔴Vulnerability Details

2
GHSA
GHSA-4p3f-v89g-m246: Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cro2022-08-11
CVEList
CVE-2022-36801: Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cro2022-08-10
CVE-2022-36801 (MEDIUM CVSS 6.1) | Affected versions of Atlassian Jira | cvebase.io