CVE-2018-20232

by Fred · 13/02/2019

The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.

Date published : 2019-02-13

http://www.securityfocus.com/bid/107023

https://jira.atlassian.com/browse/JRASERVER-68614

CVE-2018-20232

Similar

Recent Posts

Categories

CVE-2018-20232

Share this:

Similar

Recent Posts

Categories

Tags