Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-72597

Stored XSS via Custom Fields creation on AssociateFieldToScreens page - CVE-2021-39117

XMLWordPrintable

    • 4.8
    • Medium
    • CVE-2021-39117

      Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the Custom Fields creation feature on the AssociateFieldToScreens page.

      This bug was introduced in version 8.15.0, and is fixed in version 8.18.0.

      *Affected versions:*

      • 8.15.0 ≤ version < 8.18.0

            Unassigned Unassigned
            security-metrics-bot Security Metrics Bot
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: