Description

The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Remediation

References

CVE-2021-26079

Related Vulnerabilities

WordPress Plugin Contact Form Manager Multiple Cross-Site Scripting Vulnerabilities (1.4.1)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-2422)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.3.13.727)

Apache HTTP Server Other Vulnerability (CVE-2006-4154)

PHP Other Vulnerability (CVE-2015-7803)

Severity

Medium

Classification

CVE-2021-26079 CWE-707

Tags

Missing Update Known Vulnerabilities