Description
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.
Remediation
References
Related Vulnerabilities
Drupal Deserialization of Untrusted Data Vulnerability (CVE-2020-28948)
WordPress Plugin Stealth Login Page Unspecified Vulnerability (1.1.3)
WordPress Plugin Spotlight Social Feeds [Block, Shortcode, and Widget] Security Bypass (0.10.1)
WordPress Plugin Orbit Fox by ThemeIsle Multiple Vulnerabilities (2.10.2)
WordPress Plugin Wholesale Market for WooCommerce Directory Traversal (1.0.8)