CVE-2013-5319
Atlassian JIRA < 6.0.5 - Cross-Site Scripting via Delete User Name Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.
References (8)
Core 8
Core References
Third Party Advisory x_refsource_misc
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5151.php
Exploit x_refsource_misc
http://cxsecurity.com/issue/WLB-2013080065
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54417
Exploit x_refsource_misc
http://packetstormsecurity.com/files/122721
Various Sources x_refsource_confirm
https://jira.atlassian.com/i#browse/JRA-34160
Various Sources x_refsource_confirm
https://jira.atlassian.com/secure/ReleaseNote.jspa?projectId=10240&version=33790
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/61647
Various Sources x_refsource_confirm
https://jira.atlassian.com/browse/JRA/fixforversion/33790
Scores
EPSS
0.0051
EPSS Percentile
66.5%
Details
CWE
CWE-79
Status
published
Products (5)
atlassian/jira
6.0
atlassian/jira
6.0.1
atlassian/jira
6.0.2
atlassian/jira
6.0.3
atlassian/jira
< 6.0.4
Published
Aug 20, 2013
Tracked Since
Feb 18, 2026