CVE-2022-36801 | THREATINT

Description

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8.

Reserved 2022-07-26 | Published 2022-08-10 | Updated 2024-10-29 | Assigner atlassian

Problem types

Reflected Cross-Site Scripting (RXSS)

Product status

Any version before 8.20.8

affected

Any version before 8.20.8

affected

References

jira.atlassian.com/browse/JRASERVER-73740

cve.org (CVE-2022-36801)

nvd.nist.gov (CVE-2022-36801)

Download JSON