Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-72597

Stored XSS via Custom Fields creation on AssociateFieldToScreens page - CVE-2021-39117

    XMLWordPrintable

Details

    • 4.8
    • Medium
    • CVE-2021-39117

    Description

      Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the Custom Fields creation feature on the AssociateFieldToScreens page.

      This bug was introduced in version 8.15.0, and is fixed in version 8.18.0.

      *Affected versions:*

      • 8.15.0 ≤ version < 8.18.0

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: