Description

The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.

Remediation

References

CVE-2017-18098

Related Vulnerabilities

Oracle Database Server CVE-2011-2248 Vulnerability (CVE-2011-2248)

WordPress Plugin WP Review Unspecified Vulnerability (5.2.1)

WordPress Plugin Gravity Forms Salesforce Cross-Site Scripting (1.2.4)

Moodle Other Vulnerability (CVE-2006-4942)

WordPress 2.8.4 Denial of Service Vulnerability (0.6.2 - 2.8.4)

Severity

Medium

Classification

CVE-2017-18098 CWE-707

Tags

Missing Update Known Vulnerabilities