Description

Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2007-6617

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-9839)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6665)

MySQL CVE-2020-2574 Vulnerability (CVE-2020-2574)

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5)

SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17317)

Severity

Medium

Classification

CVE-2007-6617 CWE-707

Tags

Missing Update Known Vulnerabilities