QID 150463

Date Published: 2022-02-03

QID 150463: Atlassian Jira Server Cross-Site Scripting Vulnerability (JRASERVER-72939)

Jira is a proprietary issue tracking product, product developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

The installed version of Jira Atlassian Server allow unauthenticated remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message.

Affected version:
before version 8.13.12
from version 8.14.0 before 8.20.2

Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or allow the attacker to access sensitive, browser-based information.

  • CVSS V3 rated as High - 6.1 severity.
  • CVSS V2 rated as Medium - 4.3 severity.
  • Solution
    Upgrade the Atlassian Jira to new version.
    Vendor References

    CVEs related to QID 150463

    Software Advisories
    Advisory ID Software Component Link
    JRASERVER-72939 URL Logo jira.atlassian.com/browse/JRASERVER-72939