Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_113814
HistoryMar 14, 2023 - 12:00 a.m.

Atlassian Jira < 7.1.9 Multiple Vulnerabilities

2023-03-1400:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
atlassian jira
version 7.1.9
multiple vulnerabilities
cross site request forgery
cross site scripting
cve-2016-4319
cve-2016-4318
application scanner

0.002 Low

EPSS

Percentile

53.5%

JSON

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to . It is, therefore, affected by multiple vulnerabilities:

  • A vulnerability in the /auditing/settings endpoint, which permits attackers to perform Cross Site Request Forgery (CSRF) attacks against this endpoint (CVE-2016-4319).

  • A vulnerability in the /auditing/settings endpoint, which permits attackers to inject arbitrary HTML or JavaScript via a Cross Site Scripting (XSS) attack in project/ViewDefaultProjectRoleActors.jspa using the role name parameter (CVE-2016-4318).

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data
VendorProductVersionCPE
atlassianjira*cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

Related

openvas 1
cvelist 2
cve 2
nessus 1
atlassian 4
prion 2
nvd 2
openvas
openvas
Atlassian JIRA Multiple Vulnerabilities
2017-04-18 00:00:00
cvelist
cvelist
CVE-2016-4318
2017-04-10 03:00:00
CVE-2016-4319
2017-04-10 03:00:00
cve
cve
CVE-2016-4319
2017-04-10 03:59:01
CVE-2016-4318
2017-04-10 03:59:01
nessus
nessus
Atlassian Jira < 7.1.9 Role Name XSS (JRASERVER-61861)
2020-04-08 00:00:00
atlassian
atlassian
CVE-2016-4319: /auditing/settings was vulnerable to CSRF
2016-07-07 00:32:14
CVE-2016-4319: /auditing/settings was vulnerable to CSRF
2016-07-07 00:32:14
CVE-2016-4319: /auditing/settings was vulnerable to CSRF
2016-07-07 00:32:14
prion
prion
Cross site request forgery (csrf)
2017-04-10 03:59:00
Cross site scripting
2017-04-10 03:59:00
nvd
nvd
CVE-2016-4319
2017-04-10 03:59:01
CVE-2016-4318
2017-04-10 03:59:01

0.002 Low

EPSS

Percentile

53.5%

JSON
Related for WEB_APPLICATION_SCANNING_113814
openvas1cvelist2cve2nessus1atlassian4prion2nvd2