Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-72597

Stored XSS via Custom Fields creation on AssociateFieldToScreens page - CVE-2021-39117

    XMLWordPrintable

    Details

    • CVSS Score:
      4.8
    • CVSS Severity:
      Medium
    • CVE ID:
      CVE-2021-39117

      Description

      Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the Custom Fields creation feature on the AssociateFieldToScreens page.

      This bug was introduced in version 8.15.0, and is fixed in version 8.18.0.

      *Affected versions:*

      • 8.15.0 ≤ version < 8.18.0

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: