The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. The vulnerability is exploited via a specially crafted payload placed in an issue's summary field
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Worklogpro |
|
No data.
No data.
References
History
Fri, 23 Jan 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Worklogpro
Worklogpro timesheets For Jira |
|
| Vendors & Products |
Worklogpro
Worklogpro timesheets For Jira |
Wed, 21 Jan 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Wed, 21 Jan 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. The vulnerability is exploited via a specially crafted payload placed in an issue's summary field | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2026-01-21T00:00:00.000Z
Updated: 2026-01-21T16:26:13.307Z
Reserved: 2025-08-17T00:00:00.000Z
Link: CVE-2025-57681
Vulnrichment
Updated: 2026-01-21T16:25:41.664Z
NVD
Status : Received
Published: 2026-01-21T17:16:05.330
Modified: 2026-01-21T17:16:05.330
Link: CVE-2025-57681
Redhat
No data.