The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function.
References
Link | Resource |
---|---|
https://marketplace.atlassian.com/apps/37456/the-scheduler?hosting=server&tab=overview | Vendor Advisory |
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-040.txt | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-07-13T13:45:59
Updated: 2022-07-13T13:45:59
Reserved: 2022-06-03T00:00:00
Link: CVE-2022-32274
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-07-13T14:15:09.290
Modified: 2022-07-26T10:20:03.307
Link: CVE-2022-32274
JSON object: View
Redhat Information
No data.
CWE