CVE-2008-6831

EPSS 0.49%
Veröffentlicht 08.06.2009 19:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment").

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atlassian ≫ Jira Version3.13 Editionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.625

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-10-29

Patch

Vendor Advisory

http://osvdb.org/49415

http://osvdb.org/49416

http://secunia.com/advisories/32113

Vendor Advisory

http://www.securityfocus.com/bid/31967

https://exchange.xforce.ibmcloud.com/vulnerabilities/46167

https://exchange.xforce.ibmcloud.com/vulnerabilities/46168

https://nvd.nist.gov/vuln/detail/CVE-2008-6831

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-6831

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-6831

EUVD