CVE-2021-26079

Description

The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.663

Associated Vulnerability

Vulnerability	OS Platform
Vulnerability CVE-2021-26079,CVE-2021-39112 are affected in Atlassian Jira 8.5.14	Windows
Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.6.2	Windows
Vulnerabilities CVE-2020-36239,CVE-2021-26079,CVE-2021-26082 are affected in Atlassian Jira Core Data Center 8.16.2	Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234