CVE-2019-8450
MEDIUM
Jira Server 7.13.0-7.13.5 and 8.0.0-8.3.9 - Authenticated Stored Cross-Site Scripting via Custom Field Name
Title source: llm
Description
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.
References (1)
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/JRASERVER-69795
Scores
CVSS v3
4.8
EPSS
0.0024
EPSS Percentile
46.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
atlassian/jira_server
7.13.0 - 7.13.6
Published
Sep 11, 2019
Tracked Since
Feb 18, 2026