XSS in the listApplicationLinks resource of the Application links plugin - CVE-2018-20239

2019-02-14T02:51:49
ID ATLASSIAN:JRASERVER-68855
Type atlassian
Reporter dblack
Modified 2019-05-03T11:36:25

Description

The version of the Application Links plugin used in Jira before version 7.13.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the applinkStartingUrl parameter of the listApplicationLinks resource. See https://ecosystem.atlassian.net/browse/APL-1373 for more details.