4.3
CVSSv2

CVE-2016-6285

Published: 31/01/2017 Updated: 03/02/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA prior to 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

Affected Products

Vendor Product Versions
AtlassianJira7.2.1

Mailing Lists

Tempest Security Intelligence Advisory ADV-2/2016 - Atlassian Jira version 717 suffers from a cross site scripting vulnerability ...