Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Atlassian JIRA多个跨站脚本攻击漏洞
Vulnerability Description
Atlassian JIRA是澳大利亚Atlassian公司开发的一款不错的商业问题跟踪工具,可以对各种类型的问题进行跟踪管理,包括缺陷、需求变更、评审记录等。 Atlassian JIRA 3.12 到 4.1 版本中存在多个跨站脚本攻击漏洞。远程攻击者可以借助多个参数注入任意的web脚本和HTML。这些参数包含:(1)Colour Picker页面的element参数或defaultColor参数;(2)页面User Picker的formName参数、element参数以及full name域;(3
CVSS Information
N/A
Vulnerability Type
N/A