Cross site scripting

2021-07-2004:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability.

CPENameOperatorVersion
data_centerlt8.5.14
jiralt8.5.14
jira_data_centerge8.6.0
jira_data_centerlt8.13.6
jira_data_centerge8.14.0
jira_data_centerlt8.17.0
jira_serverge8.6.0
jira_serverlt8.13.6
jira_serverge8.14.0
jira_serverlt8.17.0

Name	Operator	Version
data_center	lt	8.5.14
jira	lt	8.5.14
jira_data_center	ge	8.6.0
jira_data_center	lt	8.13.6
jira_data_center	ge	8.14.0
jira_data_center	lt	8.17.0
jira_server	ge	8.6.0
jira_server	lt	8.13.6
jira_server	ge	8.14.0
jira_server	lt	8.17.0

References

jira.atlassian.com/browse/JRASERVER-72393