atlassian | Security-metrics-bot | ATLASSIAN:JRASERVER-72432
May 18, 2021 - 5:47 p.m.

XSS in Issue Type /editworkflowscheme.jspa - CVE-2021-26080

2021-05-18 17:47:26
security-metrics-bot
jira.atlassian.com
jira server
jira data center
xss vulnerability
editworkflowscheme.jspa
cve 2021-26080
remote attackers
arbitrary html
arbitrary javascript
affected versions
fixed versions
matteo sebasta

EPSS: 0.001 (Percentile: 44.9%)

Affected versions of Jira Server and Jira Data Center have an XSS vulnerability in the EditWorkflowScheme.jspa component, which allows remote attackers to inject arbitrary HTML or JavaScript.

Affected versions:

  • version < 8.5.14
  • 8.6.0 ≤ version < 8.13.6
  • 8.14.0 ≤ version < 8.16.1

Fixed versions:

  • 8.5.14
  • 8.13.6
  • 8.16.1

This vulnerability is attributed to Matteo Sebasta.
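
The version ranges above can be checked against an inventory of Jira instances. The following is an added example, not part of the Atlassian advisory; the host names and the inventory are constructed, and versions are compared numerically because string comparison orders 8.5.9 after 8.5.14.

```python
import re

# Affected ranges from the advisory: (inclusive lower bound or None, exclusive upper bound).
# Each upper bound is also the fixed release for that range.
AFFECTED_RANGES = [
    (None, (8, 5, 14)),
    ((8, 6, 0), (8, 13, 6)),
    ((8, 14, 0), (8, 16, 1)),
]


def parse_version(text):
    """Turn '8.13.5' (or '8.13') into a 3-tuple of ints; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Jira version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def fixed_in(version_text):
    """Return the fixed release for an affected version, or None if not affected."""
    v = parse_version(version_text)
    for low, high in AFFECTED_RANGES:
        if (low is None or low <= v) and v < high:
            return ".".join(map(str, high))
    return None


def triage(inventory):
    """Map host -> (version, fixed release or None) for a {host: version} inventory."""
    return {host: (ver, fixed_in(ver)) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; host names are placeholders.
    sample = {
        "jira-a.example": "8.5.9",
        "jira-b.example": "8.5.14",
        "jira-c.example": "8.13.5",
        "jira-d.example": "8.15.0",
        "jira-e.example": "8.16.1",
    }
    for host, (ver, fix) in triage(sample).items():
        status = f"affected, fixed in {fix}" if fix else "not in an affected range"
        print(f"{host}: {ver} -> {status}")
```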
