Description

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment").

Remediation

References

CVE-2008-6831

Related Vulnerabilities

WordPress Plugin Instagram Feed Unspecified Vulnerability (1.11.3)

Oracle Database Server CVE-2014-6453 Vulnerability (CVE-2014-6453)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3833)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9701)

Oracle JRE CVE-2012-5087 Vulnerability (CVE-2012-5087)

Severity

Medium

Classification

CVE-2008-6831 CWE-707

Tags

Missing Update Known Vulnerabilities