CVE-2006-3338
https://notcve.org/view.php?id=CVE-2006-3338
Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page. Una vulnerabilidad de Ejecución de comandos en sitios cruzados (XSS) en Atlassian JIRA 3.6.2-#156 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través de vectores sin especificar en una solicitud directa a secure/ConfigureReleaseNote.jspa, las cuales no son comprobadas antes de ser devueltas en una página de error. • http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html http://secunia.com/advisories/20767 http://www.osvdb.org/26744 http://www.securityfocus.com/bid/18575 http://www.vupen.com/english/advisories/2006/2472 https://exchange.xforce.ibmcloud.com/vulnerabilities/27588 •
CVE-2006-3339
https://notcve.org/view.php?id=CVE-2006-3339
secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message. secure/ConfigureReleaseNote.jspa en Atlassian JIRA v3.6.2-#156 permite a atacantes remotos obtener información sensible a través de manipulaciones sin especificar del parámetro "projectId", que muestra la ruta de instalación y otra información del sistema en un mensaje de error. • http://jira.atlassian.com/browse/JRA-10542 http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html http://www.osvdb.org/26745 http://www.vupen.com/english/advisories/2006/2472 https://exchange.xforce.ibmcloud.com/vulnerabilities/27235 •