CVE-2025-67824

Published: Jan 20, 2026

Modified: Jan 23, 2026

PUBLISHED

Description

The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when the user attempts to create a timesheet with the filter timesheet type on the custom timesheet dialog because the filter name is not properly sanitized during the action.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://marketplace.atlassian.com/apps/1212626/worklogpro-timesheets-for-jira/version-history

https://thestarware.atlassian.net/wiki/x/CAAdyg

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-67824

Description

Affected Products

References