Description
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
Related CPE's
a
atlassian
jira_data_center
3
a
atlassian
jira_server
3
References
https://jira.atlassian.com/browse/JRASERVER-72432
PatchVendor Advisory
https://jira.atlassian.com/browse/JRASERVER-72432
PatchVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 · Medium
Information
Source identifier
Vulnerability status
Modified
Published
2021-06-07T21:15:08.127Z
4 years agoLast modified
2024-11-21T04:55:49.907Z
1 year ago