Medium severity6.1NVD Advisory· Published Jul 16, 2018· Updated Jun 17, 2026
CVE-2018-13387
CVE-2018-13387
Description
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <7.6.7, >=7.7.0 <7.7.5, >=7.8.0 <7.8.5, >=7.9.0 <7.9.3, >=7.10.0 <7.10.2
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/104890nvdThird Party AdvisoryVDB Entry
- jira.atlassian.com/browse/JRASERVER-67526nvdVendor Advisory
News mentions
0No linked articles in our index yet.