Description

The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when the user attempts to create a timesheet with the filter timesheet type on the custom timesheet dialog because the filter name is not properly sanitized during the action.

INFO

Published Date :

2026-01-20T00:00:00.000Z

Last Modified :

2026-01-23T18:17:32.362Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-67824 vulnerability.

Vendors Products
Atlassian
  • Jira Data Center
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-67824.

URL Resource
https://marketplace.atlassian.com/apps/1212626/worklogpro-timesheets-for-jira/version-history cve-icon cve-icon
https://thestarware.atlassian.net/wiki/x/CAAdyg cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact