Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
Advisories
Source ID Title
EUVD EUVD EUVD-2020-23781 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published:

Updated: 2024-09-17T02:16:55.095Z

Reserved: 2021-01-27T00:00:00

Link: CVE-2020-36236

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-02-15T00:15:12.497

Modified: 2024-11-21T05:29:07.233

Link: CVE-2020-36236

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.