CVE-2018-14383
HIGHTransition Technologies 'The Scheduler' app <5.1.3 - XXE
Title source: llmDescription
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://marketplace.atlassian.com/apps/37456/the-scheduler?hosting=server&tab=versions
Third Party Advisory x_refsource_misc
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-022_jira_plugin_the_scheduler.txt
Scores
CVSS v3
7.5
EPSS
0.0148
EPSS Percentile
70.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
ttpsc/the_scheduler
5.1.3
Published
Aug 07, 2019
Tracked Since
Feb 18, 2026