CVE-2008-6831

Medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment").

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/46168

https://exchange.xforce.ibmcloud.com/vulnerabilities/46167

http://www.securityfocus.com/bid/31967

http://secunia.com/advisories/32113

http://osvdb.org/49416

http://osvdb.org/49415

http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-10-29

Details

Source: Mitre, NVD

Published: 2009-06-08

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium