Description

The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Remediation

References

CVE-2021-26078

Related Vulnerabilities

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12639)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-4313)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15139)

WordPress Plugin Shortcode Addons-with Visual Composer, Divi, Beaver Builder and Elementor Extension Function Injection (3.2.5)

WordPress Plugin Velvet Blues Update URLs Unspecified Vulnerability (2.1)

Severity

Medium

Classification

CVE-2021-26078 CWE-707

Tags

Missing Update Known Vulnerabilities