CVE-2018-20232

Name of the Vulnerable Software and Affected Versions: Atlassian Jira versions prior to 7.6.11 Atlassian Jira versions 7.7.0 through 7.13.0

Description: The issue concerns a cross-site scripting (XSS) vulnerability in the labels widget gadget. This vulnerability allows remote attackers to inject arbitrary HTML or JavaScript via the rendering of retrieved content from a URL location, which could be manipulated by the up projectid widget preference setting.

Recommendations: For Atlassian Jira versions prior to 7.6.11, update to version 7.6.11 or later. For Atlassian Jira versions 7.7.0 through 7.13.0, update to version 7.13.1 or later.