[JRASERVER-72432] XSS in Issue Type /editworkflowscheme.jspa - CVE 2021-26080 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Public Security Vulnerability
Status: Published (View Workflow)
Priority: Low
Resolution: Fixed
Affects Version/s: 8.13.4, 8.5.12
Fix Version/s: 8.5.14, 8.13.6, 8.16.1
Component/s: None
Labels:

CVSS Score:
5.4
CVSS Severity:
Medium
CVE ID:
CVE-2021-26080

Description

Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the EditWorkflowScheme.jspa component which allows remote attackers to inject arbitrary HTML or JavaScript:

Affected versions:

version < 8.5.14
8.6.0 ≤ version < 8.13.6
8.14.0 ≤ version < 8.16.1

Fixed versions:

8.5.14
8.13.6
8.16.1

This vulnerability is attributed to Matteo Sebasta.

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 18/May/2021 5:47 PM

Updated:: 02/Sep/2021 11:07 PM

Resolved:: 27/May/2021 12:34 PM