CVE-2023-36662

The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
techtimeuser_management
2.0.0 ≤
𝑥
≤ 2.15.24
techtimeuser_management
2.0.0 ≤
𝑥
≤ 2.17.1
techtimeuser_management
2.2.2 ≤
𝑥
≤ 2.15.24
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management
https://techtime.co.nz/display/TECHTIME/Security+Vulnerability+Affecting+User+Management