Cross site scripting

2021-06-0723:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

45.1%

JSON

EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

CPENameOperatorVersion
jira_data_centerlt8.5.14
jira_data_centerge8.6.0
jira_data_centerlt8.13.6
jira_data_centerge8.14.0
jira_data_centerlt8.16.1
jira_serverge8.6.0
jira_serverlt8.13.6
jira_serverge8.14.0
jira_serverlt8.16.1
jira_serverlt8.5.14

Name	Operator	Version
jira_data_center	lt	8.5.14
jira_data_center	ge	8.6.0
jira_data_center	lt	8.13.6
jira_data_center	ge	8.14.0
jira_data_center	lt	8.16.1
jira_server	ge	8.6.0
jira_server	lt	8.13.6
jira_server	ge	8.14.0
jira_server	lt	8.16.1
jira_server	lt	8.5.14

References

jira.atlassian.com/browse/JRASERVER-72432

0.001 Low

EPSS

Percentile

45.1%

JSON

Related for PRION:CVE-2021-26080