Description
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
Remediation
References
Related Vulnerabilities
Magento CVE-2019-7895 Vulnerability (CVE-2019-7895)
WordPress Plugin Captcha Backdoor (4.4.4)
WordPress Plugin WooCommerce PayPal Checkout Payment Gateway Parameter Tampering (1.6.8)
Oracle Application Server CVE-2008-2614 Vulnerability (CVE-2008-2614)
Oracle Database Server CVE-2010-0867 Vulnerability (CVE-2010-0867)