[JRASERVER-66624] XSS through the orderby parameter in the issue search resource - CVE-2017-16864 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium (View bug fix roadmap)
Fix Version/s: 7.4.2, 7.5.0
Affects Version/s: 7.1.4, 7.4.0
Component/s: Navigation - Filters
Labels:
- advisory
- advisory-released
- cvss-medium
- dxss
- raid
- security
- xss

Introduced in Version:
7.01
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 12/Jan/2018 4:33 AM

Updated:: 28/Mar/2019 12:24 AM

Resolved:: 12/Jan/2018 4:39 AM

Jira Data Center

Details

Description

Attachments

Forms

Activity

[JRASERVER-66624] XSS through the orderby parameter in the issue search resource - CVE-2017-16864

People

Dates