The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24.
References
| Link | Resource |
|---|---|
| https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management | Vendor Advisory |
| https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:10
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management - Vendor Advisory |
06 Jul 2023, 17:54
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:techtime:user_management:*:*:*:*:*:bitbucket:*:* cpe:2.3:a:techtime:user_management:*:*:*:*:*:jira:*:* cpe:2.3:a:techtime:user_management:*:*:*:*:*:confluence:*:* |
|
| References | (MISC) https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management - Vendor Advisory | |
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
26 Jun 2023, 13:02
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-26 01:15
Updated : 2024-11-21 08:10
NVD link : CVE-2023-36662
Mitre link : CVE-2023-36662
CVE.ORG link : CVE-2023-36662
JSON object : View
Products Affected
techtime
- user_management
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')