Description
The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Custom Searchable Data Entry System Security Bypass (1.7.1)
Internet Information Services Other Vulnerability (CVE-1999-0233)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9700)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.9)
WordPress Plugin YITH WooCommerce Gift Cards Unspecified Vulnerability (2.14.0)