Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
atlassianSecurity-metrics-botATLASSIAN:JRASERVER-67106
HistoryApr 10, 2018 - 3:18 a.m.

XSS in the agile wallboard gadget through quick filter names - CVE-2017-18100

2018-04-1003:18:36
security-metrics-bot
jira.atlassian.com
605

0.001 Low

EPSS

Percentile

40.8%

JSON

The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.

h3. Workaround
Disable the gadget.

  • Navigate to Administration > Add-ons > Manage add-ons and set the filter to show Application Components.
  • Scroll down the list of plugins and expand JIRA Agile.
  • Click the “+” symbol next to the count of modules in this plugin to expand the list.
  • Scroll down until you find the Agile board gadget and set it to disabled.

Related

cve 1
nessus 1
prion 1
nvd 1
atlassian 1
cvelist 1
cve
cve
CVE-2017-18100
2018-04-10 13:29:00
nessus
nessus
Atlassian JIRA < 7.8.1 Cross-Site Scripting (XSS) Vulnerability (JRASERVER-67106)
2020-01-06 00:00:00
prion
prion
Cross site scripting
2018-04-10 13:29:00
nvd
nvd
CVE-2017-18100
2018-04-10 13:29:00
atlassian
atlassian
XSS in the agile wallboard gadget through quick filter names - CVE-2017-18100
2018-04-10 03:18:36
cvelist
cvelist
CVE-2017-18100
2018-04-10 13:00:00

0.001 Low

EPSS

Percentile

40.8%

JSON
Related for ATLASSIAN:JRASERVER-67106
cve1nessus1prion1nvd1atlassian1cvelist1