Description
The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Appointments Cross-Site Scripting (1.11.7)
WordPress Plugin Elementor Website Builder Arbitrary File Upload (3.18.1)
WordPress Plugin Admin PHP Eval Unspecified Vulnerability (1.0)
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-19499)