Description

The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.

Remediation

References

CVE-2018-20827

Related Vulnerabilities

Magento CVE-2020-9580 Vulnerability (CVE-2020-9580)

Oracle JRE CVE-2023-21938 Vulnerability (CVE-2023-21938)

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3512)

WordPress Plugin ReFlex Gallery Arbitrary File Upload (3.1.3)

WordPress Multiple Vulnerabilities (0.70 - 3.6.1)

Severity

Medium

Classification

CVE-2018-20827 CWE-707

Tags

Missing Update Known Vulnerabilities