Atlassian Jira Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2018-20232 - Vulnerability Database

Atlassian Jira Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2018-20232

Medium
Reference: CVE-2018-20232
Title: Atlassian Jira Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.