Description
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-2424 Vulnerability (CVE-2013-2424)
WordPress Plugin SEO by Squirrly SEO Multiple Unspecified Vulnerabilities (6.1.4)
EspoCRM Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-46736)
WordPress Plugin Lightbox Plus Colorbox Cross-Site Scripting (2.7.2)
Resin Application Server Other Vulnerability (CVE-2012-2967)