The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 prior to 8.13.10, and from version 8.14.0 prior to 8.18.2 allows remote malicious users to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian data center |
||
atlassian jira |
||
atlassian jira data center |
||
atlassian jira server |