The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/163289/Atlassian-Jira-Server-Data-Center-8.16.0-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://jira.atlassian.com/browse/JRASERVER-72392 | Patch Vendor Advisory |
http://packetstormsecurity.com/files/163289/Atlassian-Jira-Server-Data-Center-8.16.0-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://jira.atlassian.com/browse/JRASERVER-72392 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/163289/Atlassian-Jira-Server-Data-Center-8.16.0-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://jira.atlassian.com/browse/JRASERVER-72392 - Patch, Vendor Advisory |
Information
Published : 2021-06-07 23:15
Updated : 2024-11-21 05:55
NVD link : CVE-2021-26078
Mitre link : CVE-2021-26078
CVE.ORG link : CVE-2021-26078
JSON object : View
Products Affected
atlassian
- data_center
- jira_server
- jira
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')