cpe:/a:atlassian:jira:7.12.0 cpe:/a:atlassian:jira:7.12.1 cpe:/a:atlassian:jira:7.12.2 cpe:/a:atlassian:jira:7.12.3 cpe:/a:atlassian:jira:7.13.0 cpe:/a:atlassian:jira:7.13.1 cpe:/a:atlassian:jira:7.13.2 cpe:/a:atlassian:jira:7.13.3 cpe:/a:atlassian:jira:7.13.4 cpe:/a:atlassian:jira:7.13.5 cpe:/a:atlassian:jira:7.13.6 cpe:/a:atlassian:jira:8.0.0 cpe:/a:atlassian:jira:8.0.1 cpe:/a:atlassian:jira:8.0.2 cpe:/a:atlassian:jira:8.0.3 cpe:/a:atlassian:jira:8.0.4 cpe:/a:atlassian:jira:8.1.0 cpe:/a:atlassian:jira:8.1.1 cpe:/a:atlassian:jira:8.1.2 cpe:/a:atlassian:jira:8.1.3 cpe:/a:atlassian:jira:8.2.0 cpe:/a:atlassian:jira:8.2.1 cpe:/a:atlassian:jira:8.2.2 cpe:/a:atlassian:jira:8.2.3 cpe:/a:atlassian:jira:8.2.4 cpe:/a:atlassian:jira:8.2.5 cpe:/a:atlassian:jira:8.3.0 cpe:/a:atlassian:jira:8.3.1 cpe:/a:atlassian:jira:8.3.2 CVE-2019-14996 2019-09-11T10:15:11.367-04:00 2019-09-11T15:51:31.333-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2019-09-11T13:30:13.037-04:00 N/A N/A The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.