Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-26078)

Description

The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Remediation

References

Related Vulnerabilities

RubyGems Deserialization of Untrusted Data Vulnerability (CVE-2017-0903)

WordPress Plugin WooCommerce-GloBee Payment Gateway Security Bypass (1.1.1)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1488)

WordPress Plugin Arigato Autoresponder and Newsletter Cross-Site Scripting (2.3.1)

MongoDb Improper Certificate Validation Vulnerability (CVE-2023-1409)

Severity

Medium

Classification

CVE-2021-26078 CWE-707

Tags

Missing Update Known Vulnerabilities