Description
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Extra Product Options Multiple Vulnerabilities (4.5.3)
Moodle Improper Input Validation Vulnerability (CVE-2011-4582)
WordPress Plugin Slideshow Pro 'upload.php' Arbitrary File Upload (2.1)
PHP Resource Management Errors Vulnerability (CVE-2012-0781)
WordPress Plugin CYSTEME Finder, the admin files explorer Multiple Vulnerabilities (1.3)