CVE-2021-26078

Sažetak

The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Reference

https://jira.atlassian.com/browse/JRASERVER-72392
http://packetstormsecurity.com/files/163289/Atlassian-Jira-Server-Data-Center-8.16.0-Cross-Site-Scripting.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

22-04-2022 - 16:19

Objavljeno

07-06-2021 - 23:15