CVE-2018-20827 — Cross-site Scripting in Atlassian Jira

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 60.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira

Timeline

PublishedAug 9

Latest updateMay 24

Description

The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5atlassian/jiraunspecified — 7.13.1

▶NVDatlassian/jira7.0.0 — 7.13.1

🔴Vulnerability Details

GHSA

GHSA-ccfj-r436-q2hv: The activity stream gadget in Jira before version 7↗2022-05-24

▶

CVEList

CVE-2018-20827: The activity stream gadget in Jira before version 7↗2019-08-09

▶