The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2021-08-30T06:30:15.787184Z

Updated: 2024-10-11T17:20:26.330Z

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39111

cve-icon Vulnrichment

Updated: 2024-08-04T01:58:17.957Z

cve-icon NVD

Status : Modified

Published: 2021-08-30T07:15:06.687

Modified: 2024-11-21T06:18:35.470

Link: CVE-2021-39111

cve-icon Redhat

No data.