XSS through user requested add-on names - CVE-2018-5229

Description

The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the names of user-submitted add-ons.

Environment

None

Security Policy

None

Status

Assignee

Unassigned

Reporter

SecurityB

QA Dev

None

Needs Doc

None

Team

None

External issue ID

None

Peer Reviewer

None

Mgr Approver

None

CC

None

Product

None

Payment Model

None

Plugin Key

None

App Key

None

Most Recent Approval Ticket

None

Fix versions

Affects versions

2.22.6

Priority

Major