PT-2020-20949 — XSS in Atlassian Atlasboard-Atlassian-Package

PT-2020-20949 · Atlassian · Atlasboard-Atlassian-Package

Published

2020-09-04

Updated

2020-09-04

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions atlasboard-atlassian-package versions prior to 0.4.2

Description The issue arises from the package's failure to properly sanitize user input that is rendered as HTML, potentially allowing attackers to execute arbitrary JavaScript in a victim's browser. This can be exploited if attackers have the ability to change issue summaries in Jira tickets.

Recommendations For versions prior to 0.4.2, consider using an alternative package until a fix is made available.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

GHSA-25V4-MCX4-HH35

Affected Products

Atlasboard-Atlassian-Package

PT-2020-20949 · Atlassian · Atlasboard-Atlassian-Package

Weakness Enumeration

Related Identifiers

Affected Products

References · 3