Lucene search
AtlassianCVELIST:CVE-2018-20232HistoryFeb 13, 2019 - 6:00 p.m.
CVE-2018-20232
2019-02-1318:00:00
atlassian
www.cve.org
6
EPSS
0.001
Percentile
29.2%
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.
CNA Affected
[
{
"product": "Jira",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "7.6.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "next of 7.7.0",
"versionType": "custom"
},
{
"lessThan": "7.13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
atlassian
atlassian
XSS in the labels widget gadget - CVE-2018-20232
2018-12-21 06:06:35
XSS in the labels widget gadget - CVE-2018-20232
2018-12-21 06:06:35
nvd
nvd
CVE-2018-20232
2019-02-13 18:29:00
prion
prion
Cross site scripting
2019-02-13 18:29:00
nessus
nessus
Atlassian JIRA Cross-Site Scripting (XSS) Vulnerability (JRASERVER-68614)
2019-05-10 00:00:00
cve
cve
CVE-2018-20232
2019-02-13 18:29:00