-
Public Security Vulnerability
-
Resolution: Fixed
-
Low
-
8.15.0, 8.16.0, 8.17.0
-
None
-
4.8
-
Medium
-
CVE-2021-39117
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the Custom Fields creation feature on the AssociateFieldToScreens page.
This bug was introduced in version 8.15.0, and is fixed in version 8.18.0.
*Affected versions:*
- 8.15.0 ≤ version < 8.18.0