The attachment download resource in Atlassian Jira Server and Data Center prior to 8.5.5, and from 8.6.0 prior to 8.8.2, and from 8.9.0 prior to 8.9.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian jira |
||
atlassian jira server |
||
atlassian jira software data center |
||
atlassian jira data center |