PT-2026-3630 · Atlassian · Worklogpro - Jira Timesheets Plugin

Published 2026-01-20 · Updated 2026-01-21 · CVE-2025-67824

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WorklogPRO - Jira Timesheets plugin versions prior to 4.24.1-jira9
WorklogPRO - Jira Timesheets plugin versions prior to 4.24.1-jira10
WorklogPRO - Jira Timesheets plugin versions prior to 4.24.1-jira11

Description

The WorklogPRO - Jira Timesheets plugin for Jira Data Center is susceptible to cross-site scripting (XSS). An attacker can inject arbitrary HTML or JavaScript code by placing a crafted payload in the name of a filter. The payload is executed in the user's browser when that user creates a timesheet with the filter timesheet type in the custom timesheet dialog, because the filter name is not properly sanitized during this action.

Recommendations

Update WorklogPRO - Jira Timesheets plugin to version 4.24.1-jira9 or later.
Update WorklogPRO - Jira Timesheets plugin to version 4.24.1-jira10 or later.
Update WorklogPRO - Jira Timesheets plugin to version 4.24.1-jira11 or later.
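
An added example, not part of the advisory or the vendor's code: a Python triage helper that compares installed plugin version strings against the fixed releases listed above and lists saved filter names containing markup characters for manual review. It assumes versions are reported in the `X.Y.Z-jiraN` form used in this advisory; the host names, versions and filter names are constructed sample data.

```python
import re

# Fixed release per Jira line, taken from the advisory text.
FIXED = {"jira9": (4, 24, 1), "jira10": (4, 24, 1), "jira11": (4, 24, 1)}
# Assumption: installed versions are reported as X.Y.Z-jiraN.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(jira\d+)$")
# Characters that become markup if a filter name is rendered unescaped.
MARKUP_RE = re.compile(r"[<>\"']")


def is_affected(version):
    """True/False for the listed lines; None when the string cannot be judged."""
    m = VERSION_RE.match(version.strip())
    if not m or m.group(4) not in FIXED:
        return None  # unknown format or a line the advisory does not list
    installed = tuple(int(x) for x in m.group(1, 2, 3))
    return installed < FIXED[m.group(4)]  # numeric, not string, comparison


def names_to_review(filter_names):
    """Filter names containing markup characters, for manual review."""
    return [n for n in filter_names if MARKUP_RE.search(n)]


def triage(inventory):
    """Map host -> 'affected' | 'fixed' | 'unknown' from installed versions."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {host: labels[is_affected(v)] for host, v in inventory.items()}


# Constructed sample data (hosts, versions and filter names are made up).
SAMPLE_INVENTORY = {
    "jira-a.example": "4.23.9-jira9",
    "jira-b.example": "4.24.1-jira10",
    "jira-c.example": "4.100.0-jira11",
    "jira-d.example": "4.24.0",
}
SAMPLE_FILTERS = ["Open bugs", "Sprint 12 <b>review</b>", "Team \"A\" backlog"]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
    for name in names_to_review(SAMPLE_FILTERS):
        print(f"review filter name: {name!r}")
```

A flagged filter name is only a prompt for review, since quotes and angle brackets also occur in legitimate names; an "unknown" result means the version string must be checked by hand.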

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-67824

Affected Products

Worklogpro - Jira Timesheets Plugin