Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2019-04-30T15:28:27.775475Z
Updated: 2024-09-16T20:01:43.685Z
Reserved: 2018-12-19T00:00:00
Link: CVE-2018-20239
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-30T16:29:00.247
Modified: 2024-11-21T04:01:08.853
Link: CVE-2018-20239
Redhat
No data.