Description
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.
Remediation
References
Related Vulnerabilities
Zope Web Application Server Other Vulnerability (CVE-2001-0567)
WordPress Plugin Namaste! LMS Cross-Site Scripting (2.5.9.3)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7942)
Moodle CVE-2023-28330 Vulnerability (CVE-2023-28330)
WordPress Plugin Ivory Search-WordPress Search Multiple Cross-Site Scripting Vulnerabilities (5.4)