Description

The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Remediation

References

CVE-2021-26078

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4780)

Joomla! Core 3.x.x Security Bypass (3.8.8 - 3.9.16)

WordPress Plugin Share Buttons by AddThis Backdoor (2.1.2)

Serendipity Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1916)

Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-33338)

Severity

Medium

Classification

CVE-2021-26078 CWE-707

Tags

Missing Update Known Vulnerabilities