Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the EditWorkflowScheme.jspa component which allows remote attackers to inject arbitrary HTML or JavaScript:
Affected versions:
Fixed versions:
This vulnerability is attributed to Matteo Sebasta.