Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Medium
-
Resolution: Fixed
-
Affects Version/s: 7.5.3
-
Component/s: Issue - Fields
-
Fixed in Long Term Support Release/s:
-
Introduced in Version:7.05
-
Symptom Severity:Severity 2 - Major
-
Bug Fix Policy:
Description
The bundled version of atlassian-renderer in Atlassian JIRA before version 7.7.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup. For more information see https://jira.atlassian.com/browse/RNDR-153 (currently restricted to Atlassian staff).