CVE-2007-6617

JIRA Enterprise Edition <3.12.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.

References (6)

[Patch] http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24

[Various Sources] http://jira.atlassian.com/browse/CONF-9560

[Third Party Advisory, VDB Entry] http://osvdb.org/42768

[Vendor Advisory] http://secunia.com/advisories/27954

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27094

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27095

Scores

EPSS 0.0045

EPSS Percentile 63.2%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

atlassian/jira < 3.12

Timeline

Published Jan 03, 2008

Tracked Since Feb 18, 2026