Vulnerability Details CVE-2022-32274
The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.4%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://marketplace.atlassian.com/apps/37456/the-scheduler?hosting=server&tab=overview
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-040.txt
- https://marketplace.atlassian.com/apps/37456/the-scheduler?hosting=server&tab=overview
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-040.txt
Products affected by CVE-2022-32274
-
cpe:2.3:a:ttpsc:the_scheduler:6.5.0