Description
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.
Remediation
References
Related Vulnerabilities
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-0364)
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4224)
Internet Information Services Other Vulnerability (CVE-1999-0736)
WordPress Plugin FCChat Widget 'Upload.php' Arbitrary File Upload (2.2.13.1)
MySQL Improper Input Validation Vulnerability (CVE-2012-5614)