[Forgot Password]
Login  Register Subscribe

24437

 
 

131950

 
 

117853

 
 

909

 
 

91655

 
 

143

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2018-5230Date: (C)2018-05-14   (M)2018-10-15


The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.1CVSS Score : 4.3
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 2.7Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: NONE
Scope: CHANGEDIntegrity: PARTIAL
Confidentiality: LOWAvailability: NONE
Integrity: LOW 
Availability: NONE 
  
Reference:
https://jira.atlassian.com/browse/JRASERVER-67289

CPE    402
cpe:/a:atlassian:jira:7.6.1
cpe:/a:atlassian:jira:3.9.1::standard
cpe:/a:atlassian:jira:3.13.1::professional
cpe:/a:atlassian:jira:3.4.1::standard
...
CWE    1
CWE-79

© SecPod Technologies