CVE-2018-13395

Summary

Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved.

Affected Software

VendorProductVersion RangeStatus
AtlassianJiraunspecified < 7.6.8affected
AtlassianJira7.7.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.7.5affected
AtlassianJira7.8.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.8.5affected
AtlassianJira7.9.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.9.3affected
AtlassianJira7.10.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.10.3affected
AtlassianJira7.11.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.11.1affected

Weaknesses

  • Cross Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References