CVE-2019-8450

Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
atlassianCNA
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
atlassianjira_server
7.13.0 ≤
𝑥
< 7.13.6
atlassianjira_server
8.0.0 ≤
𝑥
< 8.4.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
atlassianjira
𝑥
< 7.13.6
CNA
atlassianjira
8.0.0
CNA
atlassianjira
𝑥
< 8.4.0
CNA
Common Weakness Enumeration
References
https://jira.atlassian.com/browse/JRASERVER-69795
https://jira.atlassian.com/browse/JRASERVER-69795