Unrated severityNVD Advisory· Published Jan 3, 2008· Updated Apr 23, 2026

CVE-2007-6617

Description

Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.

Affected products

Atlassian/Jira
cpe:2.3:a:atlassian:jira:*:*:enterprise:*:*:*:*:*
Range: <=3.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24nvdPatch
secunia.com/advisories/27954nvdVendor Advisory
jira.atlassian.com/browse/CONF-9560nvd
osvdb.org/42768nvd
www.securityfocus.com/bid/27094nvd
www.securityfocus.com/bid/27095nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000