Description

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.

Remediation

References

CVE-2018-20824

Related Vulnerabilities

MySQL CVE-2017-3646 Vulnerability (CVE-2017-3646)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20239)

Craft CMS Files or Directories Accessible to External Parties Vulnerability (CVE-2024-52292)

Oracle Database Server CVE-2007-2118 Vulnerability (CVE-2007-2118)

Python Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2019-9740)

Severity

Medium

Classification

CVE-2018-20824 CWE-707

Tags

Missing Update Known Vulnerabilities