We couldn't load all Actvitity tabs. Refresh the page to try again.
If the problem persists, contact your Jira admin.
IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.
Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-67106

XSS in the agile wallboard gadget through quick filter names - CVE-2017-18100

      The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.

      Workaround

      Disable the gadget.

      • Navigate to Administration > Add-ons > Manage add-ons and set the filter to show Application Components.
      • Scroll down the list of plugins and expand JIRA Agile.
      • Click the "+" symbol next to the count of modules in this plugin to expand the list.
      • Scroll down until you find the Agile board gadget and set it to disabled.

            Loading...
            IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.
            Uploaded image for project: 'Jira Data Center'
            1. Jira Data Center
            2. JRASERVER-67106

            XSS in the agile wallboard gadget through quick filter names - CVE-2017-18100

                The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.

                Workaround

                Disable the gadget.

                • Navigate to Administration > Add-ons > Manage add-ons and set the filter to show Application Components.
                • Scroll down the list of plugins and expand JIRA Agile.
                • Click the "+" symbol next to the count of modules in this plugin to expand the list.
                • Scroll down until you find the Agile board gadget and set it to disabled.

                        Unassigned Unassigned
                        security-metrics-bot Security Metrics Bot
                        Affected customers:
                        0 This affects my team
                        Watchers:
                        5 Start watching this issue

                          Created:
                          Updated:
                          Resolved:

                            Unassigned Unassigned
                            security-metrics-bot Security Metrics Bot
                            Affected customers:
                            0 Vote for this issue
                            Watchers:
                            5 Start watching this issue

                              Created:
                              Updated:
                              Resolved: