CVE-2016-10716
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
16/03/2018
Last modified:
17/06/2026
Description
The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mail.ru:calendar:*:*:*:*:*:jira:*:* | 2.5.0.61 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://marketplace.atlassian.com/plugins/ru.mail.jira.plugins.mailrucal/versions
- https://packetstormsecurity.com/files/137649/JIRA-Mail.ru-Calendar-2.4.2.50_JIRA6-Cross-Site-Scripting.html
- https://marketplace.atlassian.com/plugins/ru.mail.jira.plugins.mailrucal/versions
- https://packetstormsecurity.com/files/137649/JIRA-Mail.ru-Calendar-2.4.2.50_JIRA6-Cross-Site-Scripting.html



