CVE-2020-36236
MEDIUM
Atlassian Jira <8.5.11, 8.6.0-8.13.3, 8.14.0-8.15.0 - Cross-Site Scripting
Title source: llm
Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://jira.atlassian.com/browse/JRASERVER-72015
Scores
CVSS v3
6.1
EPSS
0.0039
EPSS Percentile
60.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (4)
atlassian/jira
< 8.5.11
atlassian/jira_data_center
8.6.0 - 8.13.3
atlassian/jira_server
8.6.0 - 8.13.3
atlassian/jira_software_data_center
< 8.5.11
Published
Feb 15, 2021
Tracked Since
Feb 18, 2026