Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-72597

Stored XSS via Custom Fields creation on AssociateFieldToScreens page - CVE-2021-39117

XMLWordPrintable

    • 4.8
    • Medium
    • CVE-2021-39117

      Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the Custom Fields creation feature on the AssociateFieldToScreens page.

      This bug was introduced in version 8.15.0, and is fixed in version 8.18.0.

      *Affected versions:*

      • 8.15.0 ≤ version < 8.18.0

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: