CVE-2018-20232
Last modified
CVE-2018-20232 is a vulnerability of currently unknown severity. The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.. EPSS estimates a 0.91% chance of exploitation in the next 30 days.
Description
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira | < 7.6.11 |
| Atlassian | Jira Server | >= 7.7.0, < 7.13.1 |
References
- http://www.securityfocus.com/bid/107023Third Party Advisory, VDB Entry
- https://jira.atlassian.com/browse/JRASERVER-68614Vendor Advisory
- http://www.securityfocus.com/bid/107023Third Party Advisory, VDB Entry
- https://jira.atlassian.com/browse/JRASERVER-68614Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-20232?
How severe is CVE-2018-20232?
How do I fix CVE-2018-20232?
Are you affected by CVE-2018-20232?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST