In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS.
https://marketplace.atlassian.com/apps/1211756/time-in-status/version-history
https://dev.obss.com.tr/jira/browse/APDTIS-1097?src=confmacro
https://dev.obss.com.tr/confluence/display/MD/2021-02-25+Time+in+Status+for+Jira+Server+and+Data+Center+Security+Advisory
Source: Mitre, NVD
Published: 2021-03-08
Updated: 2026-06-17
Base Score: 3.5
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
Severity: Low
Base Score: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: Medium
EPSS: 0.00262