.. / CVE-2018-5230

Exploit for Atlassian Jira Confluence - Cross-Site Scripting (CVE-2018-5230)

Description:

Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error message of custom fields when an invalid value is specified.

Nuclei Template

View the template here CVE-2018-5230.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-5230.yaml

References:

https://github.com/Elsfa7-110/kenzer-templates
https://github.com/sushantdhopat/JIRA_testing
https://jira.atlassian.com/browse/JRASERVER-67289
https://github.com/Faizee-Asad/JIRA-Vulnerabilities
https://nvd.nist.gov/vuln/detail/CVE-2018-5230

.. / CVE-2018-5230 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Atlassian Jira Confluence - Cross-Site Scripting (CVE-2018-5230)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2018-5230