Atlassian.JIRA.c0-id.Parameter.XSS

Description

JIRA is a proprietary issue tracking product, developed by Atlassian, commonly used for bug tracking, issue tracking, and project management.
Atlassian JIRA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data passed via the 'c0-id' parameter when calling a DWR library function. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user.
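As a defensive illustration (an added example, not vendor or Fortinet code), the sketch below parses a plain-text DWR call body and flags any `cN-id` value that is not a plain token. It assumes the line-based `key=value` POST format and that legitimate call ids are short alphanumeric tokens; the `ExampleService` and `lookup` names and both sample bodies are constructed.

```python
import re
from urllib.parse import unquote_plus

# Assumption: a legitimate DWR call id is a short alphanumeric token.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Matches the per-call id keys: c0-id, c1-id, ...
ID_KEY = re.compile(r"c\d+-id")


def parse_dwr_body(body):
    """Split a plain-text DWR call body (one key=value per line) into pairs."""
    pairs = []
    for line in body.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            # Decode once so percent-encoded markup is compared in clear form.
            pairs.append((key.strip(), unquote_plus(value.strip())))
    return pairs


def suspicious_call_ids(body):
    """Return (key, decoded value) for every cN-id that is not a safe token.

    An empty id is reported too, since it does not match the allowlist.
    """
    return [
        (key, value)
        for key, value in parse_dwr_body(body)
        if ID_KEY.fullmatch(key) and not SAFE_ID.fullmatch(value)
    ]


# Constructed sample bodies (hypothetical service and method names).
CLEAN_BODY = (
    "callCount=1\n"
    "c0-scriptName=ExampleService\n"
    "c0-methodName=lookup\n"
    "c0-id=4821_1236\n"
    "c0-param0=string:abc\n"
    "batchId=0\n"
)
TAINTED_BODY = CLEAN_BODY.replace(
    "c0-id=4821_1236", "c0-id=0%3Cscript%3Ex%3C/script%3E"
)

if __name__ == "__main__":
    for name, body in (("clean", CLEAN_BODY), ("tainted", TAINTED_BODY)):
        print(name, suspicious_call_ids(body))
```

The same allowlist can be applied in a reverse proxy or servlet filter in front of an unpatched instance as a stopgap; it does not replace the vendor patch.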

Affected Products

Atlassian JIRA prior to 3.13.3

Impact

An attacker can inject arbitrary web scripts into the web page that could run in the context of the affected site.

Recommended Actions

Follow the instructions on the vendor's security advisory and apply the patch.

Coverage

IPS (Regular DB)
IPS (Extended DB)