Description

The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.

Remediation

References

CVE-2017-16864

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Multiple Vulnerabilities (2.5.0)

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2005-3352)

WordPress Plugin amtyThumb Cross-Site Scripting (4.1.2)

WordPress 5.1.x Prototype Pollution (5.1 - 5.1.12)

WordPress Plugin Advanced Custom Fields (ACF) Information Disclosure (6.0.2)

Severity

Medium

Classification

CVE-2017-16864 CWE-707

Tags

Missing Update Known Vulnerabilities