CVE-2018-5230
MEDIUM NUCLEIAtlassian Jira <7.6.6, <7.7.0-7.7.4, <7.8.0-7.8.4, <7.9.0-7.9.2 - XSS
Title source: llmExploitation Summary
CVE-2018-5230 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.
Nuclei Templates (1)
Atlassian Jira Confluence - Cross-Site Scripting
MEDIUMby madrobot
Shodan:
http.component:"Atlassian Confluence" || http.component:"atlassian jira" || http.component:"atlassian confluence" || cpe:"cpe:2.3:a:atlassian:jira"
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/JRASERVER-67289
Scores
CVSS v3
6.1
EPSS
0.3761
EPSS Percentile
98.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
atlassian/jira
< 7.6.6
atlassian/jira_server
7.7.0 - 7.7.4
Published
May 14, 2018
Tracked Since
Feb 18, 2026