The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/163289/Atlassian-Jira-Server-Data-Center-8.16.0-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://jira.atlassian.com/browse/JRASERVER-72392 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-06-07 23:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-26078
Mitre link : CVE-2021-26078
CVE.ORG link : CVE-2021-26078
JSON object : View
Products Affected
atlassian
- jira
- data_center
- jira_server
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')