CVE-2007-6618 - Unspecified vulnerability in Atlassian Jira
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
atlassian
nessus
Summary
JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.
Vulnerable Configurations
Nessus
NASL family | CGI abuses : XSS |
NASL id | JIRA_3_12_1.NASL |
description | The Atlassian JIRA installation hosted on the remote web server is affected by a cross-site scripting (XSS) vulnerability due to a failure to properly sanitize user-supplied error messages before being passed to the 500page.jsp script. A remote attacker, using a crafted URL, can exploit this to execute arbitrary code in a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29834 |
published | 2008-01-03 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29834 |
title | Atlassian JIRA 500page.jsp XSS |
References
- http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24
- http://osvdb.org/42769
- http://secunia.com/advisories/27954
- http://www.securityfocus.com/bid/27095