Lucene search

[email protected]CVE-2008-6831

HistoryJun 08, 2009 - 7:30 p.m.

CVE-2008-6831

2009-06-0819:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-6831

cross-site scripting

xss

atlassian jira

nvd

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka “Add Comment”).

Affected configurations

NVD

Node

atlassianjiraMatch3.13enterprise

CPENameOperatorVersion
atlassian:jiraatlassian jiraeq3.13

CPE	Name	Operator	Version
atlassian:jira	atlassian jira	eq	3.13

References

confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-10-29

osvdb.org/49415

osvdb.org/49416

secunia.com/advisories/32113

www.securityfocus.com/bid/31967

exchange.xforce.ibmcloud.com/vulnerabilities/46167

exchange.xforce.ibmcloud.com/vulnerabilities/46168

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.3%

JSON

Related for CVE-2008-6831

nvd1 cvelist1 prion1