• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: Low (View bug fix roadmap)
• Fix Version/s: 8.5.11, 8.13.3, 8.15.0
• Affects Version/s: 8.5.0, 8.13.0
• Component/s: None
• Labels:

  • CVE-2020-36234
  • advisory
  • advisory-released
  • dont-import
  • security

[JRASERVER-72059] Stored XSS via Custom Fields on Screens Modal - CVE-2020-36234

Security Metrics Bot made changes - 16/Sep/2021 5:28 AM

CVE ID

New: CVE-2020-36234

David Black made changes - 02/Mar/2021 11:21 PM

Labels

Original: CVE-2020-36234 advisory advisory-to-release dont-import security

New: CVE-2020-36234 advisory advisory-released dont-import security

AB made changes - 14/Feb/2021 11:57 PM

Labels

Original: advisory advisory-to-release dont-import security

New: CVE-2020-36234 advisory advisory-to-release dont-import security

AB made changes - 14/Feb/2021 11:57 PM

Summary

Original: Stored XSS via Custom Fields on Screens Modal - CVE-PENDING

New: Stored XSS via Custom Fields on Screens Modal - CVE-2020-36234

AB made changes - 03/Feb/2021 10:55 PM

Security

Original: Atlassian Staff [ 10750 ]

AB made changes - 03/Feb/2021 10:55 PM

Resolution		New: Fixed [ 1 ]
Status	Original: Draft [ 12872 ]	New: Published [ 12873 ]

AB made changes - 03/Feb/2021 10:55 PM

Summary

Original: Stored XSS via Custom Fields on Screens Modal

New: Stored XSS via Custom Fields on Screens Modal - CVE-PENDING

AB made changes - 03/Feb/2021 10:54 PM

Description

Original: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. **Affected versions:**  * version < 8.5.11  * 8.6.0 ≤ version < 8.13.3  * 8.14.0 ≤ version < 8.15.0 **Fixed versions:**  * 8.5.11  * 8.13.3  * 8.15.0

New: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.   *Affected versions:*  * version < 8.5.11  * 8.6.0 ≤ version < 8.13.3  * 8.14.0 ≤ version < 8.15.0 *Fixed versions:*  * 8.5.11  * 8.13.3  * 8.15.0

AB made changes - 03/Feb/2021 10:54 PM

Description

Original: This vulnerability affects certain versions of Atlassian Jira Server. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent.

New: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. **Affected versions:**  * version < 8.5.11  * 8.6.0 ≤ version < 8.13.3  * 8.14.0 ≤ version < 8.15.0 **Fixed versions:**  * 8.5.11  * 8.13.3  * 8.15.0

Security Metrics Bot made changes - 03/Feb/2021 10:53 PM

Labels

New: advisory advisory-to-release dont-import security

Security Metrics Bot created issue - 03/Feb/2021 10:53 PM