Vulnerabilities > CVE-2007-0885 - Cross-Site Scripting vulnerability in Atlassian JIRA BrowseProject.JSPA

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
rainbow-portal
exploit available
NVD
Published: 2007-02-12
Updated: 2018-10-16

Summary

Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Vulnerable Configurations

Part Description Count
Application
Rainbow_Portal
2

Exploit-Db

descriptionAtlassian JIRA 3.7.3 BrowseProject.JSPA Cross-Site Scripting Vulnerability. CVE-2007-0885. Webapps exploit for jsp platform
idEDB-ID:29576
last seen2016-02-03
modified2007-02-09
published2007-02-09
reporterBL4CK
sourcehttps://www.exploit-db.com/download/29576/
titleAtlassian JIRA 3.7.3 BrowseProject.JSPA Cross-Site Scripting Vulnerability

References