The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
CPE | Name | Operator | Version |
---|---|---|---|
jira_server | ge | 7.12.0 | |
jira_server | lt | 7.13.7 | |
jira_server | ge | 8.0.0 | |
jira_server | lt | 8.3.3 |