Lukas Faiß

**Name of the Vulnerable Software and Affected Versions** Better PDF Exporter for Jira version 10.0.0 **Description** The issue exists due to insufficient protection of the web page structure in the PDF Templates Overview Page component. This allows a remote attacker to conduct a cross-site scripting (XSS) attack by crafting a description. The estimated number of potentially affected devices is not specified. **Recommendations** For version 10.0.0, consider disabling access to the PDF Templates overview page until a patch is available. Restrict the ability to edit descriptions in the PDF Templates overview page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Atlassian Jira Transition Scheduler add-on version 6.5.0 **Description** The issue concerns a stored XSS vulnerability via the project name to the creation function. This allows for potential malicious script execution when a user interacts with a specially crafted project name. **Recommendations** For version 6.5.0, consider disabling the project creation function until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the project name field to minimize the risk of malicious input.

**Name of the Vulnerable Software and Affected Versions** Appfire Jira Misc Custom Fields (JMCF) app version 2.4.6 **Description** The issue allows for XSS via a crafted project name to the Add Auto Indexing Rule function. This can be exploited by sending a malicious project name, potentially leading to the execution of unauthorized code. **Recommendations** For version 2.4.6, consider disabling the Add Auto Indexing Rule function until a patch is available to prevent potential XSS attacks. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.