Description

The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.

Remediation

References

CVE-2017-18098

Related Vulnerabilities

MySQL CVE-2013-1523 Vulnerability (CVE-2013-1523)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25702)

WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions PHAR Deserialization (2.7.7)

WordPress Plugin PWA for WP & AMP Unspecified Vulnerability (1.0.8)

DWR Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-5325)

Severity

Medium

Classification

CVE-2017-18098 CWE-707

Tags

Missing Update Known Vulnerabilities