Description
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.
Remediation
References
Related Vulnerabilities
phpMyAdmin Improper Input Validation Vulnerability (CVE-2008-4096)
Magento CVE-2019-8111 Vulnerability (CVE-2019-8111)
Internet Information Services Other Vulnerability (CVE-2001-0336)
WordPress Plugin Related YouTube Videos Cross-Site Request Forgery (1.9.8)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1578)