Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2020-23781 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72015 |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: atlassian
Published:
Updated: 2024-09-17T02:16:55.095Z
Reserved: 2021-01-27T00:00:00
Link: CVE-2020-36236

No data.

Status : Modified
Published: 2021-02-15T00:15:12.497
Modified: 2024-11-21T05:29:07.233
Link: CVE-2020-36236

No data.

No data.