CVE-2007-0885

Tags: EXPLOITED · NUCLEI

Rainbow with the Zen - Cross-Site Scripting via id Parameter

Title source: llm

Exploitation Summary

CVE-2007-0885 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including BL4CK. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates a cross-site scripting (XSS) vulnerability in Atlassian JIRA by injecting a script tag into the 'id' parameter of the BrowseProject.jspa page. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Exploits (1)

exploit-db · Working PoC · Verified
by BL4CK · textwebappsjsp
https://www.exploit-db.com/exploits/29576


Classification
Working PoC: 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Atlassian JIRA (version not specified)
Authentication: none needed
Prerequisites: Access to the target JIRA instance · User interaction to trigger the XSS payload
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Jira Rainbow.Zen - Cross-Site Scripting
Severity: Medium · by geeknik

References (4)

Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/22503
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq)
http://www.securityfocus.com/archive/1/459590/100/0/threaded
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb)
http://osvdb.org/33683

Scores

EPSS: 0.0159
EPSS Percentile: 82.2%

Details

VulnCheck KEV: 2025-06-07
Status: published
Products (2):
rainbow_portal/rainbow.zen
rainbow_portal/rainbow_with_the_zen
Published: Feb 12, 2007
Tracked Since: Feb 18, 2026