Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.18.0
Affects Version/s: 8.15.0, 8.16.0, 8.17.0
Component/s: None
Labels:

CVSS Score:
4.8
CVSS Severity:
Medium
CVE ID:
CVE-2021-39117

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the Custom Fields creation feature on the AssociateFieldToScreens page.

This bug was introduced in version 8.15.0, and is fixed in version 8.18.0.

*Affected versions:*

8.15.0 ≤ version < 8.18.0

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 09/Jul/2021 1:38 PM

Updated:: 17/Oct/2021 8:24 PM

Resolved:: 30/Aug/2021 5:52 AM