3scale does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.
Are JIRA's always/sometimes created to correspond to bugzilla CVE issues? I see many, but I don't know the rule and if I can "trust" on it, and that this one will be in JIRA. It does sound similar to other CVEs I have seen in JIRA.
*** Bug 2022860 has been marked as a duplicate of this bug. ***