CVE-2017-14594: XSS
First published: Fri Jan 12 2018(Updated: )
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | <7.2.12 | |
| Atlassian Jira Server | >=7.3.0<7.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-14594?
CVE-2017-14594 has a medium severity rating due to its potential for exploitation through cross-site scripting (XSS).
How do I fix CVE-2017-14594?
To fix CVE-2017-14594, upgrade Atlassian Jira to version 7.2.12 or from 7.3.0 to 7.6.1 or later.
What impact does CVE-2017-14594 have on users?
CVE-2017-14594 allows remote attackers to inject arbitrary HTML or JavaScript, potentially compromising user data.
Which versions of Atlassian Jira are affected by CVE-2017-14594?
CVE-2017-14594 affects Atlassian Jira versions prior to 7.2.12 and versions from 7.3.0 up to but not including 7.6.1.
Is CVE-2017-14594 related to any other vulnerabilities?
CVE-2017-14594 is a specific XSS vulnerability and while it may not directly relate to other CVEs, it is part of a broader category of web application security issues.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/author
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian jira server
- version/atlassian jira server/7.3.0