Description

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

Remediation

References

CVE-2017-18039

Related Vulnerabilities

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1499)

WebLogic CVE-2020-2548 Vulnerability (CVE-2020-2548)

Oracle JRE CVE-2012-1541 Vulnerability (CVE-2012-1541)

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

Oracle JRE CVE-2013-5802 Vulnerability (CVE-2013-5802)

Severity

Medium

Classification

CVE-2017-18039 CWE-707

Tags

Missing Update Known Vulnerabilities