Description

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.

Remediation

References

CVE-2018-5230

Related Vulnerabilities

WordPress Plugin WP-Spreadplugin Multiple Vulnerabilities (4.4.4)

PHP Other Vulnerability (CVE-2007-1883)

WordPress Plugin The Events Calendar:Eventbrite Tickets Cross-Site Scripting (3.9.6)

PHP Other Vulnerability (CVE-2012-5381)

Apache 2.x version older than 2.0.43

Severity

Medium

Classification

CVE-2018-5230 CWE-707

Tags

Missing Update Known Vulnerabilities