Lucene search
Security-metrics-botATLASSIAN:JRASERVER-72015HistoryJan 21, 2021 - 6:34 p.m.
XSS via ViewWorkflowSchemes.jspa, ListWorkflows.jspa - CVE-2020-36236
2021-01-2118:34:39
security-metrics-bot
jira.atlassian.com
27
0.001 Low
EPSS
Percentile
45.0%
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints.
The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
Affected versions:
- version < 8.5.11
- 8.6.0 ≤ version < 8.13.3
- 8.14.0 ≤ version < 8.15.0
Fixed versions:
- 8.5.11
- 8.13.3
- 8.15.0
Related
cve
cve
CVE-2020-36236
2021-02-15 00:15:12
nvd
nvd
CVE-2020-36236
2021-02-15 00:15:12
cvelist
cvelist
CVE-2020-36236
2021-02-04 00:00:00
cnvd
cnvd
Atlassian Jira Server and Data Center Cross-Site Scripting Vulnerability
2021-03-09 00:00:00
atlassian
atlassian
XSS via ViewWorkflowSchemes.jspa, ListWorkflows.jspa - CVE-2020-36236
2021-01-21 18:34:39
prion
prion
Cross site scripting
2021-02-15 00:15:00
nessus
nessus
Atlassian JIRA < 8.5.11 / 8.6.x < 8.13.3 / 8.14.x < 8.15.0 Multiple XSS
2021-03-12 00:00:00
Atlassian Jira 8.14.x < 8.15.0 Multiple Vulnerabilities
2021-07-02 00:00:00
Atlassian Jira < 8.5.11 Multiple Vulnerabilities
2021-07-02 00:00:00