Description
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2022-41037 Vulnerability (CVE-2022-41037)
WordPress Plugin Gallery Objects SQL Injection (0.4)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-6830)
MySQL CVE-2019-2683 Vulnerability (CVE-2019-2683)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-17531)