Lucene search
Security-metrics-botATLASSIAN:JRASERVER-72716HistoryAug 18, 2021 - 1:00 a.m.
Self-xss via copying content from a PDF - CVE-2021-39111
2021-08-1801:00:26
security-metrics-bot
jira.atlassian.com
28
atlassian jira server
data center
cross-site scripting
pdf
cve-2021-39111
EPSS
0.001
Percentile
45.4%
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.
The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2.
Affected versions:
- version < 8.5.18
- 8.6.0 ≤ version < 8.13.10
- 8.14.0 ≤ version < 8.18.2
Fixed versions:
- 8.5.18
- 8.13.10
- 8.18.2
- 8.19.0
Related
cve
cve
CVE-2021-39111
2021-08-30 07:15:06
nvd
nvd
CVE-2021-39111
2021-08-30 07:15:06
prion
prion
Cross site scripting
2021-08-30 07:15:00
cvelist
cvelist
CVE-2021-39111
2021-08-30 06:30:15
atlassian
atlassian
Self-xss via copying content from a PDF - CVE-2021-39111
2021-08-18 01:00:26
nessus
nessus
Atlassian Jira < 8.5.18 Multiple Vulnerabilities
2021-09-10 00:00:00
Atlassian Jira 8.6.x < 8.13.10 Multiple Vulnerabilities
2021-09-10 00:00:00
Atlassian Jira 8.14.x < 8.18.2 Multiple Vulnerabilities
2021-09-10 00:00:00