Description

The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard.

Remediation

References

CVE-2018-13403

Related Vulnerabilities

Jenkins Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-43044)

GlassFish CVE-2012-3155 Vulnerability (CVE-2012-3155)

WordPress Plugin SP Project & Document Manager Multiple SQL Injection Vulnerabilities (2.4.3)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8103)

WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6)

Severity

Medium

Classification

CVE-2018-13403 CWE-707

Tags

Missing Update Known Vulnerabilities