Description

Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.

Remediation

References

CVE-2013-5319

Related Vulnerabilities

WordPress Plugin Resim Ara Cross-Site Scripting (3.0)

WordPress Plugin Responsive Image Slider, Photo Gallery And Carousel Security Bypass (1.3.5)

WordPress Plugin MainWP Child-Securely connects sites to the MainWP WordPress Manager Dashboard SQL Injection (4.1.7.1)

Drupal Core 5.x SQL Injection (5.0 - 5.3)

WordPress Possible SQL Injection Vulnerability (0.70 - 3.6.1)

Severity

Medium

Classification

CVE-2013-5319 CWE-707

Tags

Missing Update Known Vulnerabilities