Description

Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.

Remediation

References

CVE-2019-8450

Related Vulnerabilities

WordPress Plugin MoodThingy Mood Rating Widget SQL Injection (0.9.1)

WordPress Plugin Social Media Share Buttons & Social Sharing Icons Cross-Site Scripting (1.1.1.11)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2021-3449)

IBMHttpServer Other Vulnerability (CVE-2001-0122)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-3659)

Severity

Medium

Classification

CVE-2019-8450 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities