Description
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.1.
Remediation
References
Related Vulnerabilities
MyBB Other Vulnerability (CVE-2007-0689)
XWikiplatform Missing Authorization Vulnerability (CVE-2025-32973)
MySQL CVE-2023-22113 Vulnerability (CVE-2023-22113)
Oracle Application Server Other Vulnerability (CVE-2007-0289)
WordPress Plugin Relevanssi-A Better Search 'Seach Query' Field HTML Injection (2.7.2)