-
Public Security Vulnerability
-
Resolution: Fixed
-
Low (View bug fix roadmap)
-
8.5.0, 8.5.3, 8.13.0, 8.12.3
-
None
-
8.2
-
High
-
CVE-2020-36236
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints.
The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
Affected versions:
- version < 8.5.11
- 8.6.0 ≤ version < 8.13.3
- 8.14.0 ≤ version < 8.15.0
Fixed versions:
- 8.5.11
- 8.13.3
- 8.15.0
- mentioned in
-
Page Failed to load
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[JRASERVER-72015] XSS via ViewWorkflowSchemes.jspa, ListWorkflows.jspa - CVE-2020-36236
| CVE ID | New: CVE-2020-36236 |
| Labels | Original: CVE-2020-36236 advisory advisory-to-release dont-import security | New: CVE-2020-36236 advisory advisory-released dont-import security |
| Labels | Original: advisory advisory-to-release dont-import security | New: CVE-2020-36236 advisory advisory-to-release dont-import security |
| Security | Original: Reporter and Atlassian Staff [ 10751 ] |
| Summary | Original: XSS via ViewWorkflowSchemes.jspa, ListWorkflows.jspa - CVE-PENDING | New: XSS via ViewWorkflowSchemes.jspa, ListWorkflows.jspa - CVE-2020-36236 |
| Affects Version/s | New: 8.5.3 [ 90594 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 529562 ] |
| Security | New: Reporter and Atlassian Staff [ 10751 ] |
| Security | Original: Atlassian Staff [ 10750 ] |
| Summary | Original: XSS via ViewWorkflowSchemes.jspa, ListWorkflows.jspa | New: XSS via ViewWorkflowSchemes.jspa, ListWorkflows.jspa - CVE-PENDING |