PT-2021-16949 · Atlassian · Jira

Published

2021-07-20

Updated

2022-03-30

CVE-2021-26082

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Jira Data Center versions 8.5.13 and earlier Atlassian Jira Server and Jira Data Center versions 8.6.0 through 8.13.5 Atlassian Jira Server and Jira Data Center versions 8.14.0 through 8.16.9

Description The XML Export feature in Atlassian Jira Server and Jira Data Center allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting issue. This enables attackers to execute malicious scripts on the affected system.

Recommendations For versions 8.5.13 and earlier, update to version 8.5.14 or later. For versions 8.6.0 through 8.13.5, update to version 8.13.6 or later. For versions 8.14.0 through 8.16.9, update to version 8.17.0 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-26082

Affected Products

Jira

PT-2021-16949 · Atlassian · Jira

CVE-2021-26082

Weakness Enumeration

Related Identifiers

Affected Products

References · 5