Atlassian Jira < 3.12.1 Xss In 500 Page

2023-03-1400:00:00

www.tenable.com

atlassian jira

version 3.12.1

xss

filter deletion

setup flaw

cve-2007-6617

cve-2007-6618

cve-2007-6619

remote attackers

0.006 Low

EPSS

Percentile

79.2%

JSON

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 3.12.1. It, therefore, has multiple vulnerabilities:

a Cross-site scripting (XSS) vulnerability which allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages (CVE-2007-6617).
A vulnerability which allows remote attackers to delete another user’s shared filter via a modified filter ID (CVE-2007-6618).
A flaw in the Setup Wizard does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language (CVE-2007-6619).

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data

VendorProductVersionCPE
atlassianjira*cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atlassian	jira	*	cpe:2.3:a:atlassian:jira::::::::

References

confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6617

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6618

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6619

0.006 Low

EPSS

Percentile

79.2%

JSON

Related for WEB_APPLICATION_SCANNING_113823