CVE-2018-13403
MEDIUMAtlassian Jira < 7.6.10, 7.7.0-7.12.3 - Stored Cross-Site Scripting via Saved Filter Name
Title source: llmDescription
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/JRASERVER-68526
Scores
CVSS v3
5.4
EPSS
0.0017
EPSS Percentile
38.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
atlassian/jira
< 7.6.10
atlassian/jira_server
7.7.0 - 7.12.3
Published
Feb 13, 2019
Tracked Since
Feb 18, 2026