Atlassian: >> Jira Security Vulnerabilities
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
CVSS Score
7.5
EPSS Score
0.006
Published
2008-01-03
Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page.
CVSS Score
2.6
EPSS Score
0.005
Published
2006-07-03
secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message.
CVSS Score
5.0
EPSS Score
0.005
Published
2006-07-03
Page 15