Bug
Resolution: Fixed
Medium
7.1.4, 7.4.0
Minimum Version: 7.01
Symptom Severity: Severity 2 - Major
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.
[JRASERVER-66624] XSS through the orderby parameter in the issue search resource - CVE-2017-16864
Minimum Version | New: 7.01 |
Workflow | Original: JAC Bug Workflow v2 [ 2842203 ] | New: JAC Bug Workflow v3 [ 2917618 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Symptom Severity | Original: Major [ 14431 ] | New: Severity 2 - Major [ 15831 ] |
Workflow | Original: JIRA Bug Workflow w Kanban v7 - Restricted [ 2591642 ] | New: JAC Bug Workflow v2 [ 2842203 ] |
Status | Original: Closed [ 6 ] | New: Resolved [ 5 ] |
Labels | Original: advisory advisory-released cvss-medium dxss security xss | New: advisory advisory-released cvss-medium dxss raid security xss |
Workflow | Original: JIRA Bug Workflow w Kanban v6 - Restricted [ 2506141 ] | New: JIRA Bug Workflow w Kanban v7 - Restricted [ 2591642 ] |
Remote Link | Original: This issue links to "Page (Extranet)" [ 345258 ] |
Labels | Original: advisory advisory-to-release cvss-medium dxss security xss | New: advisory advisory-released cvss-medium dxss security xss |
Description | Original: The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.. | New: The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. |
Remote Link | New: This issue links to "Page (Extranet)" [ 345258 ] |