Cross-Site Scripting Vulnerability in Atlassian Jira Server and Data Center
CVE-2021-39111

6.1MEDIUM

Key Information:

Vendor

Atlassian
Status
Jira Server
Jira Data Center
Vendor
CVE Published:
30 August 2021

What is CVE-2021-39111?

The Editor plugin in Atlassian Jira Server and Data Center is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows remote attackers to inject arbitrary HTML or JavaScript code via maliciously crafted content. The vulnerability is triggered when users paste content from sources like PDFs into fields such as the description field, posing a significant risk to the security of affected instances.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jira Data Center < 8.5.18

Jira Data Center 8.6.0

Jira Data Center < 8.13.10

References

https://jira.atlassian.com/browse/JRASERVER-72716
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.