Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_112626
HistoryOct 27, 2020 - 12:00 a.m.

Atlassian Jira < 7.6.6 Multiple Vulnerabilities

2020-10-2700:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
JSON

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is potentially affected by multiple vulnerabilities:

  • Atlassian Jira contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the issue collector does not properly sanitize input to error messages for custom fields before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that executes arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2018-5230)

  • Atlassian Jira contains a flaw in the ForgotLoginDetails resource that is triggered during the handling of a specially crafted request. This may allow a remote attacker to cause a denial of service. (CVE-2018-5231)

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data
VendorProductVersionCPE
atlassianjira*cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

Related

nessus 4
cve 2
prion 2
atlassian 4
nuclei 1
hackerone 2
nessus
nessus
Atlassian JIRA 7.6.5 / 7.7.x < 7.7.4 / 7.8.x < 7.8.4 / 7.9.x < 7.9.2 Multiple Vulnerabilities (SB18-141)
2018-05-25 00:00:00
Atlassian Jira 7.7.x < 7.7.4 Multiple Vulnerabilities
2020-10-27 00:00:00
Atlassian Jira 7.8.x < 7.8.4 Multiple Vulnerabilities
2020-10-27 00:00:00
cve
cve
CVE-2018-5231
2018-05-16 13:29:00
CVE-2018-5230
2018-05-14 13:29:00
prion
prion
Cross site scripting
2018-05-14 13:29:00
Design/Logic Flaw
2018-05-16 13:29:00
atlassian
atlassian
XSS in the issue collector through invalid values for a custom field - CVE-2018-5230
2018-05-11 05:27:19
Denial of service through the ForgotLoginDetails resource - CVE-2018-5231
2018-05-11 05:57:14
Denial of service through the ForgotLoginDetails resource - CVE-2018-5231
2018-05-11 05:57:14
nuclei
nuclei
Atlassian Jira Confluence - Cross-Site Scripting
2020-04-08 11:25:25
hackerone
hackerone
Topcoder: Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com
2020-01-23 06:16:46
Roblox: Reflected XSS through multiple inputs in the issue collector on Jira
2018-07-11 00:51:16
JSON
Related for WEB_APPLICATION_SCANNING_112626
nessus4cve2prion2atlassian4nuclei1hackerone2