6 matches found
CVE-2023-50930
An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a...
cigerzade.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1166121 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
huisartsenvoorhout.nl Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1102272 Security Researcher KhanJanny Helped patch 3056 vulnerabilities Received 9 Coordinated Disclosure badges Received 38 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting huisartsenvoorhout.nl...
sugarbeats.at Cross Site Scripting vulnerability OBB-1102067
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
qa.theutilityjob.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-974209 Security Researcher garletmarco Helped patch 1540 vulnerabilities Received 4 Coordinated Disclosure badges , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting qa.theutilityjob.com website and its users. Followi...
should be able to login only via https
you should be able to configure JIRA to login via HTTPS. this is almost possible in 2.4.1. You can specify an https URL in security-config.xml as the login.url parameter. this makes loing links from e.g. the issue view page work correctly. a slight problem here is that the session remiains in the...