XSS through the orderby parameter in the issue search resource - CVE-2017-16864

2018-01-1204:33:26

security-metrics-bot

jira.atlassian.com

0.001 Low

EPSS

Percentile

40.8%

JSON

The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.

CPENameOperatorVersion
jira server and data centerlt7.4.2
jira server and data centerle7.4.0
jira server and data centerlt7.5.0
jira server and data centerle7.1.4