Description
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the title of a Trello card.
Remediation
References
Related Vulnerabilities
Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2018-8005)
MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-10960)
PHP Improper Input Validation Vulnerability (CVE-2007-4784)
Family Connections Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-4338)