CVE-2021-39117

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.2%
top 55.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Atlassian Jira Data CenterAtlassian Jira ServerAtlassian Data Center+1 more
Timeline
PublishedAug 30
Latest updateMay 24

Description

The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability via the name of a custom field.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages4 packages

CVEListV5atlassian/jira_data_centerunspecified8.18.0
CVEListV5atlassian/jira_serverunspecified8.18.0
NVDatlassian/data_center< 8.18.0
NVDatlassian/jira< 8.18.0

🔴Vulnerability Details

2
GHSA
GHSA-94j7-qfrq-rx57: The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 82022-05-24
CVEList
CVE-2021-39117: The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 82021-08-30
CVE-2021-39117 (MEDIUM CVSS 4.8) | The AssociateFieldToScreens page in | cvebase.io