exploitDog

CVE-2021-27222

Опубликовано: 08 мар. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS.

Ссылки

https://dev.obss.com.tr/confluence/display/MD/2021-02-25+Time+in+Status+for+Jira+Server+and+Data+Center+Security+Advisory
Vendor Advisory
https://dev.obss.com.tr/jira/browse/APDTIS-1097?src=confmacro
Permissions Required
https://marketplace.atlassian.com/apps/1211756/time-in-status/version-history
Release Notes
Third Party Advisory
https://dev.obss.com.tr/confluence/display/MD/2021-02-25+Time+in+Status+for+Jira+Server+and+Data+Center+Security+Advisory
Vendor Advisory
https://dev.obss.com.tr/jira/browse/APDTIS-1097?src=confmacro
Permissions Required
https://marketplace.atlassian.com/apps/1211756/time-in-status/version-history
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:obss:time_in_status:*:*:*:*:*:jira:*:*

Версия до 4.13.0 (исключая)

EPSS

Процентиль: 49%

0.00262

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vq7h-8xhv-fmhq

github

больше 3 лет назад

In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS.

EPSS

Процентиль: 49%

0.00262

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79