Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 7.13.3, 8.1.0
Affects Version/s: 7.13.0, 7.13.1, 8.0.0
Component/s: Application Links
Labels:

Fixed in Long Term Support Release/s:

Download 7.13
Introduced in Version:
7.13
Support reference count:
1
Symptom Severity:
Severity 2 - Major

The version of the Application Links plugin used in Jira before version 7.13.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. See https://ecosystem.atlassian.net/browse/APL-1373 for more details.

is related to

CWD-5362 XSS in the listApplicationLinks resource of the Application links plugin - CVE-2018-20239

Closed

APL-1373 Loading...

details: APL-1370 Loading...

relates to: BBSDEV-19392 Loading...; RAID-1119 Loading...; SECURITY-1179 Loading...

(1 relates to)

Assignee:: Ignat (Inactive)
Reporter:: David Black
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Due:: 11/Apr/2019
Created:: 14/Feb/2019 2:51 AM
Updated:: 31/May/2023 9:45 PM
Resolved:: 04/Apr/2019 11:56 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates