CVE-2010-1164
 
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010.
Timeline
- 2010-03-29 CVE Reserved
- 2010-04-20 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (9)
URL | Tag | Date |
---|---|---|
http://www.openwall.com/lists/oss-security/2010/04/16/3 | Mailing List | |
http://www.openwall.com/lists/oss-security/2010/04/16/4 | Mailing List | |
http://www.securityfocus.com/bid/39485 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/57826 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/57827 | Vdb Entry | |
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16 | | 2017-08-17 |
http://jira.atlassian.com/browse/JRA-21004 | | 2017-08-17 |
http://jira.atlassian.com/browse/JRA-20994 | | 2017-08-17 |
http://secunia.com/advisories/39353 | | 2017-08-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status |
---|---|---|---|
Atlassian | Jira | 3.12 | Affected |
Atlassian | Jira | 3.12.1 | Affected |
Atlassian | Jira | 3.12.2 | Affected |
Atlassian | Jira | 3.12.3 | Affected |
Atlassian | Jira | 3.13 | Affected |
Atlassian | Jira | 3.13.1 | Affected |
Atlassian | Jira | 3.13.2 | Affected |
Atlassian | Jira | 3.13.3 | Affected |
Atlassian | Jira | 3.13.4 | Affected |
Atlassian | Jira | 3.13.5 | Affected |
Atlassian | Jira | 4.0 | Affected |
Atlassian | Jira | 4.0.1 | Affected |
Atlassian | Jira | 4.0.2 | Affected |
Atlassian | Jira | 4.1 | Affected |