[JRASERVER-61861] CVE-2016-4318: XSS vulnerability in role name on /project/ViewDefaultProjectRoleActors.jspa

Type: Bug
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 7.1.9, Available in Jira Cloud
Affects Version/s: None
Component/s: Project Administration - Users and Roles
Labels:

CVSS Score:
4.8
Bug Fix Policy:
View Atlassian Server bug fix policy

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

A JIRA administrator(a user who is a member of the jira-administrators group) can create a persistent XSS that affects the /project/ViewDefaultProjectRoleActors.jspa resource through a role name.

relates to

JRACLOUD-61861 CVE-2016-4318: XSS vulnerability in role name on /project/ViewDefaultProjectRoleActors.jspa

Closed

David Black added a comment - 13/Jul/2016 5:51 AM - edited

CVSS v3 score: 4.8 => Medium severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	High
User Interaction	Required

Scope Metric

Scope	Changed

Impact Metrics

Confidentiality	Low
Integrity	Low
Availability	None

David Black added a comment - 13/Jul/2016 5:51 AM - edited CVSS v3 score: 4.8 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required High User Interaction Required Scope Metric Scope Changed Impact Metrics Confidentiality Low Integrity Low Availability None

Assignee:: Unassigned

Reporter:: lukasz.plonka324392336

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 13/Jul/2016 5:47 AM

Updated:: 16/Oct/2018 12:48 AM

Resolved:: 13/Jul/2016 5:52 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: David Black added a comment - 13/Jul/2016 5:51 AM, Edited by David Black - 13/Jul/2016 5:52 AM

Expand comment: David Black added a comment - 13/Jul/2016 5:51 AM, Edited by David Black - 13/Jul/2016 5:52 AM

People

Dates