logo
DATABASE RESOURCES PRICING ABOUT US

Stored XSS via Custom Fields creation on AssociateFieldToScreens page - CVE-2021-39117

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the Custom Fields creation feature on the AssociateFieldToScreens page. This bug was introduced in version 8.15.0, and is fixed in version 8.18.0. **Affected versions:** * 8.15.0 ≤ version < 8.18.0


Affected Software


CPE Name Name Version
jira server and data center 8.15.0
jira server and data center 8.16.0
jira server and data center 8.17.0
jira server and data center 8.18.0

Related