CVE-2012-1500
MEDIUM
GreenHopper < 5.9.8 - Stored Cross-Site Scripting in UpdateFieldJson.jspa
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-1500. PoCs published by Hoyt LLC Research.
AI-analyzed exploit summary: This is a proof-of-concept for a stored XSS vulnerability in JIRA v4.4.3 and GreenHopper prior to v5.9.8. The exploit demonstrates how an attacker can inject arbitrary script code via a CSRF form, leading to credential theft.
Description
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.
Exploits (1)
exploitdb
WORKING POC
by Hoyt LLC Research · text · webapps · jsp
https://www.exploit-db.com/exploits/21052
Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Atlassian JIRA v4.4.3 and GreenHopper prior to v5.9.8
Auth required
Prerequisites: Victim must be logged into JIRA · Victim must visit attacker-controlled link
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://web.archive.org/web/20121014055829/http://www.cloudscan.me/2012/09/cve-2012-1500-ghs-5375-ghs-5642.html
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/21052
Scores
CVSS v3: 5.4
EPSS: 0.0112
EPSS Percentile: 62.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (2)
atlassian/greenhopper: < 5.9.8
atlassian/jira: 4.4.3
Published: Feb 13, 2020
Tracked Since: Feb 18, 2026