CVE-2018-13395

Name of the Vulnerable Software and Affected Versions Atlassian Jira versions 7.6.7 and earlier Atlassian Jira versions 7.7.0 through 7.7.4 Atlassian Jira versions 7.8.0 through 7.8.4 Atlassian Jira versions 7.9.0 through 7.9.2 Atlassian Jira versions 7.10.0 through 7.10.2 Atlassian Jira version 7.11.0

Description The issue allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved.

Recommendations For versions 7.6.7 and earlier, update to version 7.6.8 or later. For versions 7.7.0 through 7.7.4, update to version 7.7.5 or later. For versions 7.8.0 through 7.8.4, update to version 7.8.5 or later. For versions 7.9.0 through 7.9.2, update to version 7.9.3 or later. For versions 7.10.0 through 7.10.2, update to version 7.10.3 or later. For version 7.11.0, update to version 7.11.1 or later.