The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7
7.5CVSS
7.4AI Score
0.001EPSS
The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function.
5.4CVSS
5.2AI Score
0.001EPSS