Cross-Site Scripting vulnerability in Jama Connect 8.44.0
Cross-Site Scripting vulnerability in Jama Connect 8.44.0 What is it? - Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Which feature is affected? "Import"-> "Data import wizard"(Select Import File and Destination) tab. The severity of this issue:- - An attacker can redirect a user to a malicious website or can steal the session token. An attacker can also perform phishing attacks using malicious JavaScripts. Did I notify Jama Security team about this vulnerability? Yes, I Informed Jama Security team, the issue is addressed in the latest build version 8.46 Release notes: https://community.jamasoftware.com/blogs/chloe/2020/01/16/jama-connect-846-cloud-release-notes Suggest