Description

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.

Remediation

References

CVE-2018-20824

Related Vulnerabilities

Oracle Database Server CVE-2008-0341 Vulnerability (CVE-2008-0341)

WordPress Plugin Contact Form Email Cross-Site Scripting (1.3.24)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Cross-Site Request Forgery (2.4.2)

WordPress Plugin WP Smart Security PHP Object Injection (1.0)

Drupal CVE-2014-1475 Vulnerability (CVE-2014-1475)

Severity

Medium

Classification

CVE-2018-20824 CWE-707

Tags

Missing Update Known Vulnerabilities