XSS in various administrative application link resources through the display url of a configured application link - CVE-2018-5227

Description

Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the display URL of a configured application link.

Environment

None

Status

Assignee

Unassigned

Reporter

SecurityB

Add-on Type

None

Team

None

CC

None

Risk factor

None

QA Kickoff Status

None

QA Demo Status

None

Fix versions

Priority

Major