Описание
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.20.3 (исключая)Версия до 8.20.3 (исключая)
Одно из
cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.0026
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
больше 3 лет назад
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.
EPSS
Процентиль: 49%
0.0026
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79