CVE-2021-39111
Description
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.344
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2021-39111,CVE-2021-39121 are affected in Atlassian Jira 8.5.17 | Windows |
| Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.6.2 | Windows |
| Vulnerabilities CVE-2021-39111,CVE-2021-39121 are affected in Atlassian Jira Core Data Center 8.18.1 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234