CVE-2018-5230 PoC — Atlassian Jira issue collector 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-5230.yaml

Associated Vulnerability

Title:Atlassian Jira issue collector 跨站脚本漏洞 (CVE-2018-5230)
Description:Atlassian JIRA是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。issue collector是其中的一个问题收集器。 Atlassian Jira中的issue collector的自定义字段的错误消息存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的HTML或JavaScript代码。以下版本受到影响：Atlassian Jira 7.6.6之前版本，7.7.4之前的7.7.0版本，7.8.4之前的7.8.0版本，7.9.2之前的7

Description

Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error message of custom fields when an invalid value is specified.

File Snapshot


 id: CVE-2018-5230

info:
  name: Atlassian Jira Confluence - Cross-Site Scripting
  author: madrobot

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!