Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-39111)

Description

The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.

Remediation

References

Related Vulnerabilities

WordPress Plugin DW Mega Menu Cross-Site Request Forgery (1.0.1)

Oracle Database Server Resource Management Errors Vulnerability (CVE-2007-5506)

Squid Integer Overflow or Wraparound Vulnerability (CVE-2020-11945)

WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-29003)

Severity

Medium

Classification

CVE-2021-39111 CWE-707

Tags

Missing Update Known Vulnerabilities