Atlassian.JIRA.c0-id.Parameter.XSS
Description
JIRA is a proprietary issue tracking product, developed by Atlassian, commonly used for bug tracking, issue tracking, and project management.
Atlassian JIRA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data passed via the 'c0-id' parameter when calling a DWR library function. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user.
Affected Products
Atlassian JIRA prior to 3.13.3
Impact
An attacker can inject arbitrary web scripts into the web page, which could then run in the context of the affected site.
Recommended Actions
Follow the instructions on the vendor's security advisory and apply the patch.
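Request logs can also be checked for 'c0-id' values that carry markup. The following is an added example, not code from Atlassian or from this signature: it assumes DWR calls carry c0-id as a key=value field in a query string or a newline-separated body, and that legitimate ids contain only letters, digits, underscores and hyphens. The sample requests are constructed.

```python
import re
from urllib.parse import unquote_plus

# Assumption: a legitimate call id uses only these characters.
SAFE_ID = re.compile(r"[A-Za-z0-9_\-]{1,64}")
# c<N>-id=<value> in a query string or a newline-separated request body.
ID_FIELD = re.compile(r"(?:^|[&\n?])(c\d+-id)=([^&\s]*)")


def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def extract_call_ids(raw):
    """Return [(field, decoded_value)] for every c<N>-id field in raw."""
    return [(m.group(1), decode(m.group(2))) for m in ID_FIELD.finditer(raw)]


def suspicious_ids(raw):
    """Return the c<N>-id fields whose decoded value fails the allowlist."""
    return [(k, v) for k, v in extract_call_ids(raw) if not SAFE_ID.fullmatch(v)]


# Constructed sample requests (script names and path are hypothetical).
SAMPLES = [
    "callCount=1\nc0-scriptName=Example\nc0-methodName=get\n"
    "c0-id=4821_1240000000000\nxml=true",
    "callCount=1\nc0-scriptName=Example\nc0-methodName=get\n"
    "c0-id=%3Cem%3Eprobe%3C/em%3E\nxml=true",
    "GET /example?callCount=1&c0-id=%253Cem%253Eprobe&xml=true",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        for field, value in suspicious_ids(sample):
            print(f"flag {field}: {value!r}")
```

An allowlist is used rather than a blocklist of tags so that any character outside the expected id alphabet is flagged, whatever encoding it arrived in.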
Coverage
IPS (Regular DB)
IPS (Extended DB)