Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Low
-
Resolution: Fixed
-
Affects Version/s: 8.2.1
-
Fix Version/s: 8.7.0
-
Component/s: Administration - Fields
-
Introduced in Version:8.02
-
Symptom Severity:Severity 3 - Minor
-
Bug Fix Policy:
-
Current Status:
Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module.
Affected versions:
- version < 8.7.0
Fixed versions:
- 8.7.0
Attachments
Issue Links
- relates to
-
JRASERVER-44458 Using JavaScript in description field should require explicit configuration
- Closed