PT-2022-21199 · Atlassian · Jira Transition Scheduler Add-On
Lukas Faiß · Published 2022-07-13 · Updated 2022-07-26 · CVE-2022-32274
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Atlassian Jira Transition Scheduler add-on version 6.5.0
Description
The issue is a stored XSS vulnerability in which the project name passed to the creation function serves as the injection point. A malicious script can execute when a user interacts with a specially crafted project name.
Recommendations
For version 6.5.0, consider disabling the project creation function until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the project name field to minimize the risk of malicious input.
Affected Products
Jira Transition Scheduler Add-On