CVE

Id
29974  
CVE No.
CVE-2007-6617  
Status
Candidate  
Description
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.  
Phase
Assigned (20080103)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
317160 29974 CVE-2007-6617 CONFIRM:http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24  View
317161 29974 CVE-2007-6617 CONFIRM:http://jira.atlassian.com/browse/CONF-9560  View
317162 29974 CVE-2007-6617 BID:27094  View
317163 29974 CVE-2007-6617 URL:http://www.securityfocus.com/bid/27094  View
317164 29974 CVE-2007-6617 BID:27095  View
317165 29974 CVE-2007-6617 URL:http://www.securityfocus.com/bid/27095  View
317166 29974 CVE-2007-6617 OSVDB:42768  View
317167 29974 CVE-2007-6617 URL:http://osvdb.org/42768  View
317168 29974 CVE-2007-6617 SECUNIA:27954  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
47233 JVNDB-2008-002543 Atlassian JIRA Enterprise Edition の Setup Wizard におけるデフォルト言語を変更される脆弱性 Atlassian JIRA Enterprise Edition の Setup Wizard には、セットアップ完了後セットアップ試行を適切に制限しないため、デフォルト言語を変更される脆弱性が存在します。 CVE-2007-6619 29974 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002543.html  View