5 matches found

Hacker One
added 2020/01/23 6:16 a.m., 153 views

Topcoder: Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com

Hi, I found reflected xss on https://apps.topcoder.com via error message.. Payload : %3CIFRAME%20SRC%3D%22javascript%3Aalert%28%27XSS%27%29%22%3E.vm Vulnerable link : https://apps.topcoder.com/wiki/labels/%3CIFRAME%20SRC%3D%22javascript%3Aalert'XSS'%22%3E.vm Step to reproduce : Create an account...

CVSS 4.3, AI score 1.4, EPSS 0.22721
Exploits: 0

Tenable Nessus
added 2018/05/25 12:0 a.m., 102 views

Atlassian JIRA 7.6.5 / 7.7.x < 7.7.4 / 7.8.x < 7.8.4 / 7.9.x < 7.9.2 Multiple Vulnerabilities (SB18-141)

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by multiple vulnerabilities: - Atlassian JIRA contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the issue collector...

CVSS 7.5, AI score 6.8, EPSS 0.22721
Exploits: 0, References: 5

OSV
added 2018/05/14 1:29 p.m., 3 views

CVE-2018-5230

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in t...

CVSS 6.1, AI score 5.4
Exploits: 0, References: 1

CVE
added 2018/05/14 1:0 p.m., 105 views

CVE-2018-5230

Atlassian Jira's issue collector is vulnerable to cross-site scripting (XSS) in the error message of custom fields when an invalid value is specified. Affected versions include Jira before 7.6.6, 7.7.0 before 7.7.4, 7.8.0 before 7.8.4, and 7.9.0 before 7.9.2. The root cause is improper sanitizati...

CVSS 6.1, AI score 5.9, EPSS 0.22721
Exploits: 0, References: 1, Affected Software: 2

Atlassian
added 2018/05/11 5:27 a.m., 608 views

XSS in the issue collector through invalid values for a custom field - CVE-2018-5230

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in t...

CVSS 6.1, AI score 3.6, EPSS 0.22721
Exploits: 0, Affected Software: 1