Cross site scripting

2021-04-1500:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

45.1%

JSON

The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution.

CPENameOperatorVersion
data_centerlt8.5.12
jiralt8.5.12
jira_data_centerge8.6.0
jira_data_centerlt8.13.4
jira_data_centerge8.14.0
jira_data_centerlt8.15.1
jira_serverge8.14.0
jira_serverlt8.15.1
jira_serverge8.6.0
jira_serverlt8.13.4

Name	Operator	Version
data_center	lt	8.5.12
jira	lt	8.5.12
jira_data_center	ge	8.6.0
jira_data_center	lt	8.13.4
jira_data_center	ge	8.14.0
jira_data_center	lt	8.15.1
jira_server	ge	8.14.0
jira_server	lt	8.15.1
jira_server	ge	8.6.0
jira_server	lt	8.13.4

References

jira.atlassian.com/browse/JRASERVER-72115

0.001 Low

EPSS

Percentile

45.1%

JSON

Related for PRION:CVE-2020-36288