Description

EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Remediation

References

CVE-2021-26080

Related Vulnerabilities

MySQL CVE-2014-2440 Vulnerability (CVE-2014-2440)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1317)

WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Multiple Cross-Site Scripting Vulnerabilities (4.2.4)

WordPress Plugin WordPress Advanced Ticket System, Elite Support Helpdesk Cross-Site Scripting (1.0.63)

Atlassian Confluence Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2019-15006)

Severity

Medium

Classification

CVE-2021-26080 CWE-707

Tags

Missing Update Known Vulnerabilities