Description

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.

Remediation

References

CVE-2018-20824

Related Vulnerabilities

WordPress Plugin Responsive Menu-Create Mobile-Friendly Menu Multiple Vulnerabilities (4.0.3)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-16863)

WordPress Plugin Theme Check Cross-Site Request Forgery (20190208.1)

WordPress Plugin Advanced Custom Fields PRO Arbitrary File Upload (5.12.2)

Apache Tomcat Credentials Management Errors Vulnerability (CVE-2009-3548)

Severity

Medium

Classification

CVE-2018-20824 CWE-707

Tags

Missing Update Known Vulnerabilities