The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72716 |
History
Fri, 11 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-08-30T06:30:15.787184Z
Updated: 2024-10-11T17:20:26.330Z
Reserved: 2021-08-16T00:00:00
Link: CVE-2021-39111
Vulnrichment
Updated: 2024-08-04T01:58:17.957Z
NVD
Status : Modified
Published: 2021-08-30T07:15:06.687
Modified: 2024-11-21T06:18:35.470
Link: CVE-2021-39111
Redhat
No data.