Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.

Remediation

References

CVE-2020-36236

Related Vulnerabilities

WordPress Plugin WooCommerce Potential PHP Object Injection (3.4.4)

WordPress Plugin Simple Membership Cross-Site Scripting (3.5.6)

WordPress Plugin PS PHPCaptcha WP Denial of Service (1.1.0)

Oracle Application Server CVE-2008-7233 Vulnerability (CVE-2008-7233)

WordPress Plugin Venture Event Manager Cross-Site Scripting (3.2.4)

Severity

Medium

Classification

CVE-2020-36236 CWE-707

Tags

Missing Update Known Vulnerabilities