The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72716 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-08-30T06:30:15.787184Z
Updated: 2024-09-17T04:19:49.055Z
Reserved: 2021-08-16T00:00:00
Link: CVE-2021-39111
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-08-30T07:15:06.687
Modified: 2022-03-30T13:29:49.233
Link: CVE-2021-39111
Redhat
No data.