Description
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2020-14636 Vulnerability (CVE-2020-14636)
Drupal Core 9.0.x Arbitrary File Overwrite (9.0.0 - 9.0.10)
WordPress Plugin Simple Download Monitor Cross-Site Scripting (3.5.3)
OpenSSL Improper Input Validation Vulnerability (CVE-2008-5077)
WordPress Plugin PayPal Digital Goods powered by Cleeng Cross-Site Scripting (2.2.13)