Description
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the orderby parameter.
Remediation
References