CVE-2021-26080

EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
References
Link Resource
https://jira.atlassian.com/browse/JRASERVER-72432 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

History

05 May 2022, 15:39

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*

30 Mar 2022, 13:29

Type Values Removed Values Added
First Time Atlassian jira Data Center
CPE cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

25 Mar 2022, 18:14

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
First Time Atlassian jira Server

14 Jun 2021, 18:23

Type Values Removed Values Added
CWE CWE-79
CPE cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1
References (MISC) https://jira.atlassian.com/browse/JRASERVER-72432 - (MISC) https://jira.atlassian.com/browse/JRASERVER-72432 - Patch, Vendor Advisory

07 Jun 2021, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-06-07 23:15

Updated : 2022-05-05 15:39


NVD link : CVE-2021-26080

Mitre link : CVE-2021-26080


JSON object : View

Products Affected

atlassian

  • jira_server
  • jira_data_center
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')