Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_113817
HistoryMar 14, 2023 - 12:00 a.m.

Atlassian Jira < 6.0.5 Multiple Vulnerabilities

2023-03-1400:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
atlassian jira
version
prior
multiple vulnerabilities
directory traversal
importers plugin
remote attackers
arbitrary files
cross-site scripting
xss
secure/admin/user/views/deleteuserconfirm.jsp
admin panel
web script
html
name parameter
scanner
self-reported

EPSS

0.004

Percentile

72.2%

JSON

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 6.0.5. It is, therefore, affected by multiple vulnerabilities:

  • A directory traversal in the Importers Plugin which permits remote attackers to create arbitrary files (CVE-2014-2313).

  • A Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel which allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa (CVE-2013-5319).

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data

Related

nessus 1
prion 2
cve 2
zeroscience 1
cvelist 2
nvd 2
seebug 1
openvas 1
nessus
nessus
Atlassian JIRA < 6.0.5 Multiple Vulnerabilities
2014-03-31 00:00:00
prion
prion
Cross site scripting
2013-08-20 14:55:00
Directory traversal
2014-03-09 13:16:00
cve
cve
CVE-2013-5319
2013-08-20 14:55:47
CVE-2014-2313
2014-03-09 13:16:57
zeroscience
zeroscience
Atlassian JIRA v6.0.3 Arbitrary HTML/Script Execution Vulnerability
2013-08-06 00:00:00
cvelist
cvelist
CVE-2013-5319
2013-08-20 14:00:00
CVE-2014-2313
2014-03-07 20:00:00
nvd
nvd
CVE-2013-5319
2013-08-20 14:55:47
CVE-2014-2313
2014-03-09 13:16:57
seebug
seebug
Atlassian JIRA Issue Collector插件目录遍历漏洞
2014-03-11 00:00:00
openvas
openvas
Atlassian JIRA < 6.0.5 Directory Traversal Vulnerabilities
2016-07-27 00:00:00

EPSS

0.004

Percentile

72.2%

JSON
Related for WEB_APPLICATION_SCANNING_113817
nessus1prion2cve2zeroscience1cvelist2nvd2seebug1openvas1