CVE-2010-1164

CVSS V2 Medium 4.3 CVSS V3 None
Description
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010.
Overview
  • CVE ID
  • CVE-2010-1164
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2010-04-20T15:30:00
  • Last Modified Date
  • 2017-08-17T01:32:16
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:atlassian:jira:3.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:3.12.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:3.12.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:3.12.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:3.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:3.13.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:3.13.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:3.13.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:3.13.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:3.13.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:4.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:4.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:atlassian:jira:4.1:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.openwall.com/lists/oss-security/2010/04/16/3
http://secunia.com/advisories/39353 Vendor Advisory
http://www.openwall.com/lists/oss-security/2010/04/16/4
http://jira.atlassian.com/browse/JRA-20994 Vendor Advisory
http://jira.atlassian.com/browse/JRA-21004 Patch Vendor Advisory
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16 Patch Vendor Advisory
http://www.securityfocus.com/bid/39485
https://exchange.xforce.ibmcloud.com/vulnerabilities/57827
https://exchange.xforce.ibmcloud.com/vulnerabilities/57826
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2010-1164
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1164
History
Created Old Value New Value Data Type Notes
2022-05-10 08:58:15 Added to TrackCVE