-
Bug
-
Resolution: Fixed
-
Low (View bug fix roadmap)
-
8.0.2, 7.13.3
-
7.13
-
Severity 2 - Major
-
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature.
Affected versions:
- version < 8.3.0
Fixed versions:
- 8.3.0
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 4.8 => Medium severity
Exploitability Metrics
Scope Metric
Impact Metrics
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N