CVE-2007-6617

Sažetak

Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.

Reference

http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24
http://jira.atlassian.com/browse/CONF-9560
http://osvdb.org/42768
http://secunia.com/advisories/27954
http://www.securityfocus.com/bid/27094
http://www.securityfocus.com/bid/27095

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

15-11-2008 - 07:05

Objavljeno

03-01-2008 - 23:46