- Bug
- Resolution: Fixed
- Medium
- 7.7.0, 7.8.0, 7.9.0, 7.10.0, 7.6.6
- 7.06
- Severity 2 - Major
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the messagesThreshold parameter, as the fix for CVE-2017-18039 was incomplete.
- relates to
  - JRASERVER-66719 XSS in the IncomingMailServers resource through the messagesThreshold parameter - CVE-2017-18039 (Closed)

[JRASERVER-67526] XSS in IncomingMailServer resource - CVE-2018-13387
| Field | Original | New |
| --- | --- | --- |
| Fixed in Enterprise Release/s | | Download 7.6 (https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html) |
| Minimum Version | | 7.06 |
| Workflow | JAC Bug Workflow v2 [ 2831841 ] | JAC Bug Workflow v3 [ 2929644 ] |
| Status | Resolved [ 5 ] | Closed [ 6 ] |
| Symptom Severity | Major [ 14431 ] | Severity 2 - Major [ 15831 ] |
| Workflow | JIRA Bug Workflow w Kanban v7 - Restricted [ 2706016 ] | JAC Bug Workflow v2 [ 2831841 ] |
| Status | Closed [ 6 ] | Resolved [ 5 ] |
| Fix Version/s | | 7.8.5 [ 79812 ] |
| Fix Version/s | 7.8.5 [ 79812 ] | |
| Labels | CVE-2018-13387 advisory advisory-to-release cvss-medium rxss security triaged xss | CVE-2018-13387 advisory advisory-released cvss-medium rxss security triaged xss |
| Security | Reporter and Atlassian Staff [ 10751 ] | |
| Labels | advisory advisory-to-release cvss-medium rxss security triaged xss | CVE-2018-13387 advisory advisory-to-release cvss-medium rxss security triaged xss |