Description
The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.
Remediation
References
Related Vulnerabilities
MySQL CVE-2012-3197 Vulnerability (CVE-2012-3197)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6613)
Oracle JRE CVE-2013-1569 Vulnerability (CVE-2013-1569)
WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple HTML Injection Vulnerabilities (1.9.0)
WordPress Plugin WooCommerce Address Book Cross-Site Request Forgery (1.5.6)