[JRASERVER-66624] XSS through the orderby parameter in the issue search resource - CVE-2017-16864 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Medium
Resolution: Fixed
Affects Version/s: 7.1.4, 7.4.0
Fix Version/s: 7.4.2, 7.5.0
Component/s: Navigation - Filters
Labels:
- advisory
- advisory-released
- cvss-medium
- dxss
- raid
- security
- xss

Introduced in Version:
7.01
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 12/Jan/2018 4:33 AM

Updated:: 28/Mar/2019 12:24 AM

Resolved:: 12/Jan/2018 4:39 AM