Description
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
Remediation
References
Related Vulnerabilities
Drupal Core 9.0.x Cross-Site Scripting (9.0.0 - 9.0.11)
SugarCRM Improper Input Validation Vulnerability (CVE-2017-14509)
WordPress Plugin Pinterest by BestWebSoft Cross-Site Scripting (1.0.4)
WordPress Plugin MailUp newsletter sign-up form Security Bypass (1.3.2)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2015-4852)