Description

The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.

Remediation

References

CVE-2021-39111

Related Vulnerabilities

WordPress Plugin Pay With Tweet SQL Injection and Cross-Site Scripting Vulnerabilities (1.1)

Drupal Core 6.x Remote Code Execution (6.0 - 6.38)

MySQL Other Vulnerability (CVE-2003-0150)

PHP Other Vulnerability (CVE-2021-21707)

Oracle JRE Cryptographic Issues Vulnerability (CVE-2012-5373)

Severity

Medium

Classification

CVE-2021-39111 CWE-707

Tags

Missing Update Known Vulnerabilities