CVE-2007-6617
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.
Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en 500page.jsp de JIRA Enterprise Edition versiones anteriores a 3.12.1 permite a atacantes remotos inyectar scripts web o HTML de su elección, que no son apropiadamente gestionado cuando se generan mensajes de error, como se demuestra con entradas originalmente enviadas en el URI a secure/CreateIssue.
NOTA: algunos de estos detalles se han obtenido de información de terceros.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-01-03 CVE Reserved
- 2008-01-03 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://jira.atlassian.com/browse/CONF-9560 | X_refsource_confirm | |
| http://osvdb.org/42768 | Vdb Entry | |
| http://www.securityfocus.com/bid/27094 | Vdb Entry | |
| http://www.securityfocus.com/bid/27095 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24 | 2008-11-15 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/27954 | 2008-11-15 |