3 matches found
Atlassian JIRA 7.x.x < 7.13.1 / 8.0.0 Cross-Site Scripting (XSS) Vulnerability (SB18-141)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by a cross-site scripting vulnerability which allows a reflected cross-site scripting XSS attack. This flaw exists because the activity stream gadget does not...
CVE-2018-20827
CVE-2018-20827 — Jira XSS via country parameter Affected: Atlassian Jira (server) with the activity stream gadget, specifically versions before 7.13.1 (and related entries reference 8.0.0 in a Nessus plugin). Description: The vulnerability arises because the activity stream gadget does not proper...
XSS in the activity stream gadget via the country parameter - CVE-2018-20827
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the country parameter...