CVE-2007-6618 - Security Bypass Weaknesses in Atlassian JIRA

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, low complexity, atlassian, nessus

Summary

JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.

Nessus

NASL family: CGI abuses : XSS
NASL id: JIRA_3_12_1.NASL
description: The Atlassian JIRA installation hosted on the remote web server is affected by a cross-site scripting (XSS) vulnerability due to a failure to properly sanitize user-supplied error messages before being passed to the 500page.jsp script. A remote attacker, using a crafted URL, can exploit this to execute arbitrary code in a user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 29834
published: 2008-01-03
reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/29834
title: Atlassian JIRA 500page.jsp XSS