CVE Database · CVE-2019-3402
CVSS v3.1
N/A
EPSS
8.95%
Published
May 22, 2019
Modified
Nov 21, 2024
Public PoC / Exploit (2)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
Weaknesses (CWE)
Affected Products (2)
References (2)
