CVE-2019-8450

Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.
References
Link Resource
https://jira.atlassian.com/browse/JRASERVER-69795 Issue Tracking Vendor Advisory
https://jira.atlassian.com/browse/JRASERVER-69795 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:49

Type Values Removed Values Added
References () https://jira.atlassian.com/browse/JRASERVER-69795 - Issue Tracking, Vendor Advisory () https://jira.atlassian.com/browse/JRASERVER-69795 - Issue Tracking, Vendor Advisory

Information

Published : 2019-09-11 14:15

Updated : 2024-11-21 04:49


NVD link : CVE-2019-8450

Mitre link : CVE-2019-8450

CVE.ORG link : CVE-2019-8450


JSON object : View

Products Affected

atlassian

  • jira_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')