CVE-2021-39111
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.
El plugin Editor en Atlassian Jira Server y Data Center versiones anteriores a 8.5.18, desde versiones 8.6.0 anteriores a 8.13.10, y desde versiones 8.14.0 anteriores a 8.18.2, permite a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el manejo de contenido suministrado como de un PDF cuando se pega en un campo como description.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-08-16 CVE Reserved
- 2021-08-30 CVE Published
- 2024-09-02 EPSS Updated
- 2024-10-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://jira.atlassian.com/browse/JRASERVER-72716 | 2022-03-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Atlassian Search vendor "Atlassian" | Data Center Search vendor "Atlassian" for product "Data Center" | < 8.5.18 Search vendor "Atlassian" for product "Data Center" and version " < 8.5.18" | - |
Affected
| ||||||
Atlassian Search vendor "Atlassian" | Jira Search vendor "Atlassian" for product "Jira" | < 8.5.18 Search vendor "Atlassian" for product "Jira" and version " < 8.5.18" | - |
Affected
| ||||||
Atlassian Search vendor "Atlassian" | Jira Data Center Search vendor "Atlassian" for product "Jira Data Center" | >= 8.6.0 < 8.13.10 Search vendor "Atlassian" for product "Jira Data Center" and version " >= 8.6.0 < 8.13.10" | - |
Affected
| ||||||
Atlassian Search vendor "Atlassian" | Jira Data Center Search vendor "Atlassian" for product "Jira Data Center" | >= 8.14.0 < 8.18.2 Search vendor "Atlassian" for product "Jira Data Center" and version " >= 8.14.0 < 8.18.2" | - |
Affected
| ||||||
Atlassian Search vendor "Atlassian" | Jira Server Search vendor "Atlassian" for product "Jira Server" | >= 8.6.0 < 8.13.10 Search vendor "Atlassian" for product "Jira Server" and version " >= 8.6.0 < 8.13.10" | - |
Affected
| ||||||
Atlassian Search vendor "Atlassian" | Jira Server Search vendor "Atlassian" for product "Jira Server" | >= 8.14.0 < 8.18.2 Search vendor "Atlassian" for product "Jira Server" and version " >= 8.14.0 < 8.18.2" | - |
Affected
|