漏洞描述
版本7.6.6之前的Atlassian JiraConfluence、版本7.7.4之前的版本7.7.0、版本7.8.4之前的7.8.0以及版本7.9.2之前的7.9.0,允许远程攻击者在指定无效值时,通过自定义字段的错误消息中的跨站点脚本漏洞注入任意HTML或JavaScript。
Atlassian Jira Confluence xss(CVE-2018-5230)
PoC代码
暂无相关漏洞推荐
-
CVE-2019-11581: Atlassian Jira未授权服务端模板注入漏洞 POC
2025-09-01 | Atlassian JiraJira Server and Data Center is susceptible to a server-side template injection vulnerability via the... -
CVE-2019-8442: Atlassian Jira webroot leak POC
2025-09-01 | Atlassian JiraAtlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira 7.13.4之前版本、8.0.4之... -
CVE-2022-0540: Atlassian Jira - Authentication bypass in Seraph POC
2025-09-01 | Atlassian JiraA vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication b... -
CVE-2018-1000600: Pre-auth Fully-responded SSRF POC
2025-09-01 | Pre-authA exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier... -
CVE-2018-1000861: Jenkins 2.138 Remote Command Execution POC
2025-09-01 | JenkinsA code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier...