CNNVD-202601-3200 Information

Jan 20, 2026 cve

CNNVD ID

CNNVD-202601-3200

CVE-2025-67824

CNNVD Published: 2026-01-20

Description (Chinese)

The Starware WorklogPRO - Jira Timesheets是土耳其The Starware公司的一个工时记录插件。 The Starware WorklogPRO - Jira Timesheets 4.24.1-jira9、4.24.1-jira10和4.24.1-jira11之前版本存在安全漏洞，该漏洞源于过滤器名称清理不当，可能导致通过特制有效载荷注入任意HTML或JavaScript。

Description (English)

The Starware WorklogPRO-Jira Timesheets is a time-recording plugin for The Starware Company in Turkey. The Starware WorklogPRO - Jira Timesheets 4.24.1-jira9, 4.241-jira10 and 4.241-jira11 pre-versions contain security loopholes, which stem from the inappropriate clean-up of filter names and may result in the injection of any type of HTML or JavaScript through a specially designed payload.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

The Starware

Published

2026-01-20

Last Modified

2026-02-24

References

https://thestarware.atlassian.net/wiki/x/CAAdyg https://marketplace.atlassian.com/apps/1212626/worklogpro-timesheets-for-jira/version-history https://thestarware.atlassian.net/wiki/spaces/WLP/pages/3326574597/Security+Advisory+CVE-2025-57681+-+Stored+XSS+in+WorklogPRO+DC https://access.redhat.com/security/cve/cve-2025-67824

Patch

https://marketplace.atlassian.com/apps/1212626/worklogpro-timesheets-for-jira/version-history

Share on: