Description

The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.

Remediation

References

CVE-2017-18098

Related Vulnerabilities

WordPress Plugin NEX-Forms-Ultimate Form builder SQL Injection (3.0)

WordPress Plugin WP Photo Album Plus Cross-Site Request Forgery (4.8.11)

IBM WebSEAL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1740)

WordPress Plugin Anti-Splog Cross-Site Scripting (2.1.7)

WordPress Plugin WP Post Popup Directory Traversal (2.1.1)

Severity

Medium

Classification

CVE-2017-18098 CWE-707

Tags

Missing Update Known Vulnerabilities