Description

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

Remediation

References

CVE-2017-18039

Related Vulnerabilities

WordPress Plugin YITH PayPal Express Checkout for WooCommerce Security Bypass (1.2.5)

OpenSSL Resource Management Errors Vulnerability (CVE-2014-3506)

MediaWiki CVE-2023-37301 Vulnerability (CVE-2023-37301)

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-39324)

Severity

Medium

Classification

CVE-2017-18039 CWE-707

Tags

Missing Update Known Vulnerabilities