Summary

CVE-TO BE ADDED
Vulnerability 1: Stored XSS in the REST API

Advisory release date

2021-10-27

Product

  • Inbox for Jira

Affected versions

Inbox for Jira app - Marketplace download version:

  • All 4.2.x versions

  • All 5.x.x versions up to 5.0.3

Fixed versions - Inbox for Jira Marketplace App

5.0.4

CVE ID(s)

...

The phrase parameter of the endpoint /rest/inbox/1.0/notification/message/{user_name_to_notify} lacks user input validation, leading to a stored Cross-Site Scripting attack.
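
The class of defect described above, as an added example that is not Inbox for Jira code and does not show the vendor's fix: a small in-memory model of a notification endpoint that stores a phrase value and later renders it, with the vulnerable rendering beside a hardened one. All function names, the length limit and the sample inputs are assumptions made for the illustration.

```javascript
// Added illustration: every name below is hypothetical, not Inbox for Jira code.
const store = new Map(); // user -> stored phrases (stands in for the app's persistence)
const MAX_PHRASE_LENGTH = 500; // assumed limit, chosen for this example

// Input validation at the REST boundary: type, length, control characters.
function validatePhrase(phrase) {
  if (typeof phrase !== "string") return false;
  if (phrase.length === 0 || phrase.length > MAX_PHRASE_LENGTH) return false;
  return !/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/.test(phrase);
}

// Models a request to .../notification/message/{user_name_to_notify} carrying "phrase".
function storeNotification(userToNotify, phrase) {
  if (!validatePhrase(phrase)) return { status: 400 };
  if (!store.has(userToNotify)) store.set(userToNotify, []);
  store.get(userToNotify).push(phrase);
  return { status: 204 };
}

// Output encoding for HTML element content and quoted attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup unchanged.
function renderInboxUnsafe(user) {
  return (store.get(user) || []).map((p) => `<li>${p}</li>`).join("");
}

// Hardened pattern: every stored value is encoded when written into HTML.
function renderInboxSafe(user) {
  return (store.get(user) || []).map((p) => `<li>${escapeHtml(p)}</li>`).join("");
}

// Constructed sample input: a harmless probe string and an ordinary message.
// The probe passes validation (legitimate text may contain "<"), so the
// output encoding in renderInboxSafe is what keeps it inert for the viewer.
const PROBE = '<img src=x onerror="alert(1)">';
storeNotification("alice", PROBE);
storeNotification("alice", "Build #12 finished & passed");
```

Validation bounds what can be stored, but encoding at the point of rendering is the control that stops stored markup from executing in another user's browser.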

...