Published: 31/01/2017 Updated: 03/02/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA prior to 7.2.2 allows remote malicious users to inject arbitrary web script or HTML via the HTTP Host header.

Affected Products

Vendor Product Versions

Mailing Lists

Tempest Security Intelligence Advisory ADV-2/2016 - Atlassian Jira version 717 suffers from a cross site scripting vulnerability ...