Description
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the rendering of content retrieved from a URL location that could be manipulated by the up_projectid widget preference setting.
Remediation
References
Related Vulnerabilities
Elgg Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6562)
Ruby Improper Input Validation Vulnerability (CVE-2011-2705)
WordPress Plugin Sharebar Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1)
WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7118)
Apache HTTP Server Cryptographic Issues Vulnerability (CVE-2009-3555)