Security Advisory

CVE-2025-67824

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-20 00:00:00
Last updated 2026-01-23 18:17:32
Assigner mitre
State PUBLISHED

Description

The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when the user attempts to create a timesheet with the filter timesheet type on the custom timesheet dialog because the filter name is not properly sanitized during the action.