Description
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.
References (6)
Core References
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24 (Patch; x_refsource_confirm)
http://osvdb.org/42768 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
http://jira.atlassian.com/browse/CONF-9560 (Various Sources; x_refsource_confirm)
http://secunia.com/advisories/27954 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
http://www.securityfocus.com/bid/27095 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://www.securityfocus.com/bid/27094 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
Scores
EPSS: 0.0048
EPSS Percentile: 65.2%
Details
CWE: CWE-79
Status: published
Products (1)
atlassian/jira < 3.12
Published: Jan 03, 2008
Tracked Since: Feb 18, 2026