Description
The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.
Remediation
References
Related Vulnerabilities
WordPress 4.2.x Prototype Pollution (4.2 - 4.2.31)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2086)
WordPress Plugin 1-click Retweet/Share/Like Cross-Site Scripting (5.2)
WordPress Plugin Integration for HubSpot and WooCommerce Cross-Site Scripting (1.0.4)