Medium severity6.1NVD Advisory· Published Jan 20, 2026· Updated Apr 15, 2026
CVE-2025-67824
CVE-2025-67824
Description
The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when the user attempts to create a timesheet with the filter timesheet type on the custom timesheet dialog because the filter name is not properly sanitized during the action.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <4.24.2-jira9, <4.24.2-jira10, <4.24.2-jira11
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.