We're updating the issue view to help you get more done. 

XSS through user requested add-on names - CVE-2018-5229

Description

The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.

Environment

Testing Notes

Add notes...

Security Policy

None

Status

Assignee

Unassigned

Reporter

SecurityB

Fix versions

Affects versions

2.22.6

Priority

Major