Stored XSS via Custom Fields creation on AssociateFieldToScreens page - CVE-2021-39117

2021-07-09T13:38:42
ID ATLASSIAN:JRASERVER-72597
Type atlassian
Reporter security-metrics-bot
Modified 2021-10-17T20:24:39

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the Custom Fields creation feature on the AssociateFieldToScreens page.

This bug was introduced in version 8.15.0 and is fixed in version 8.18.0.

Affected versions:

* 8.15.0 ≤ version < 8.18.0