Description

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.

Remediation

References

CVE-2018-5230

Related Vulnerabilities

WordPress Plugin MailPress Remote Code Execution (7.0.2)

MySQL CVE-2018-2766 Vulnerability (CVE-2018-2766)

WordPress Plugin Newsletter Manager Multiple Cross-Site Scripting Vulnerabilities (1.0.1)

Oracle Application Server CVE-2008-2593 Vulnerability (CVE-2008-2593)

WordPress Plugin 360 Product Rotation Arbitrary File Upload (1.2.4)

Severity

Medium

Classification

CVE-2018-5230 CWE-707

Tags

Missing Update Known Vulnerabilities