Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.

Remediation

References

CVE-2020-36236

Related Vulnerabilities

WordPress Plugin Custom Sidebars-Dynamic Widget Area Manager Multiple Vulnerabilities (3.0.8)

WordPress Plugin Tutor LMS-eLearning and online course solution Multiple Vulnerabilities (1.7.6)

Atlassian Confluence Uncontrolled Search Path Element Vulnerability (CVE-2019-20406)

PHP Other Vulnerability (CVE-2007-1888)

Sqlite Use After Free Vulnerability (CVE-2021-20227)

Severity

Medium

Classification

CVE-2020-36236 CWE-707

Tags

Missing Update Known Vulnerabilities