Description

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.

Remediation

References

CVE-2019-11584

Related Vulnerabilities

WordPress Plugin tcS3 Cross-Site Scripting (2.1.1)

Drupal Core 7.x Remote Code Execution (7.0 - 7.57)

WordPress Plugin MobileChief-Mobile Site Builder Cross-Site Scripting (1.5.7)

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41305)

WordPress Plugin WooCommerce Security Bypass (2.1.7)

Severity

Medium

Classification

CVE-2019-11584 CWE-707

Tags

Missing Update Known Vulnerabilities