CVE-2018-5230

MEDIUM NUCLEI

Atlassian Jira <7.6.6, <7.7.0-7.7.4, <7.8.0-7.8.4, <7.9.0-7.9.2 - XSS

Title source: llm

Description

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.

Nuclei Templates (1)

Atlassian Jira Confluence - Cross-Site Scripting

MEDIUMby madrobot

Shodan:

http.component:"Atlassian Confluence" || http.component:"atlassian jira" || http.component:"atlassian confluence" || cpe:"cpe:2.3:a:atlassian:jira"

References (1)

[Issue Tracking, Vendor Advisory] https://jira.atlassian.com/browse/JRASERVER-67289

Scores

CVSS v3 6.1

EPSS 0.2272

EPSS Percentile 95.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

atlassian/jira < 7.6.6

atlassian/jira_server 7.7.0 - 7.7.4

Published May 14, 2018

Tracked Since Feb 18, 2026