Home

CVE-2021-26080

Description

EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.571

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Atlassian Jira 8.5.13Windows
Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.5.9Windows
Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.6.2Windows
Vulnerabilities CVE-2021-26080,CVE-2021-26081,CVE-2021-26083,CVE-2021-26086 are affected in Atlassian Jira Core Data Center 8.16.0Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234