Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.
Remediation
References