Description

The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard.

Remediation

References

CVE-2018-13403

Related Vulnerabilities

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4900)

WordPress Plugin Highlight Cross-Site Scripting (0.9.2)

WordPress Plugin WooCommerce Product Attachment Cross-Site Scripting (1.1.2)

Liferay Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-28885)

ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666)

Severity

Medium

Classification

CVE-2018-13403 CWE-707

Tags

Missing Update Known Vulnerabilities