Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2021/08/18 1:0 a.m.60 views

Project key enumeration via the /rest/api/latest/projectvalidate/key endpoint - CVE-2021-39121

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from...

4.3CVSS5.5AI score0.01141EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/07/09 1:38 p.m.60 views

Stored XSS via Custom Fields creation on AssociateFieldToScreens page - CVE-2021-39117

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting SXSS vulnerability in the Custom Fields creation feature on the AssociateFieldToScreens page. This bug was introduced in version 8.15.0, and i...

4.8CVSS3.8AI score0.00635EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/03/15 12:53 a.m.60 views

The name of a filter can be used to XSS users who open an "Export HTML Report" - CVE-2021-26083

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in Export HTML Report feature. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before...

5.4CVSS3.1AI score0.00599EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/02/26 5:0 p.m.60 views

RCE via git-lfs in Sourcetree for Windows - CVE-2021-21237

There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system. Thi...

7.8CVSS4.6AI score0.00436EPSS
Exploits0
Atlassian
Atlassian
added 2020/10/06 10:57 p.m.60 views

XSS in Jira issue filter export file via malicious full name - CVE-2020-14184

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in Jira issue filter export files. The affected versions are before version 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before...

5.4CVSS3.7AI score0.00944EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/04/16 7:57 p.m.60 views

CSRF in the setup resources - CVE-2020-4018

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery CSRF vulnerability...

8.8CVSS5.7AI score0.0057EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/04/16 7:38 p.m.60 views

Information disclosure in the /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin - CVE-2020-4016

The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability...

5.3CVSS4.5AI score0.01245EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/08/12 2:41 a.m.60 views

XSS in the FilterPickerPopup.jspa resource through the searchOwnerUserName parameter - CVE-2019-14996

The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the searchOwnerUserName parameter...

6.1CVSS4AI score0.01274EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/06/26 5:27 a.m.60 views

CVE-2019-11581 - Template injection in various resources

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. For this issue to be exploitable at least one of the following conditions must be met: an SMTP server has been configured in Jira and the Contact...

9.8CVSS2.6AI score0.84621EPSS
Exploits2
Atlassian
Atlassian
added 2019/04/29 3:27 a.m.60 views

Permissions bypass in the inline-create rest resource - CVE-2018-20826

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check...

4.3CVSS5.6AI score0.00847EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2017/04/24 9:51 p.m.60 views

Encrypt password variables in VARIABLE_CONTEXT and VARIABLE_BASELINE_ITEM tables

h3. Problem Definition Currently, Bamboo password variables are not encrypted in the VARIABLECONTEXT and VARIABLEBASELINEITEM tables, even though they are encrypted in VARIABLEDEFINITION h3. Suggested Solution Encrypt passwords in VARIABLECONTEXT and VARIABLEBASELINEITEM tables h3. Workaround...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/03/14 1:20 p.m.60 views

Upgrade Tomcat to the version 8.5.29

Current version of Tomcat 8.5.6 bundled with JIRA 7.3.x is vulnerable to https://tomcat.apache.org/security-8.htmlFixedinApacheTomcat8.5.9. Customer would like the Tomcat to be upgraded to the latest version available as their client is no longer willing to run JIRA without having the tomcat...

7.9AI score
Exploits0
Atlassian
Atlassian
added 2017/01/31 8:40 a.m.60 views

Deleted page with restrictions notified all users

h2. Summary Restricted page was deleted, user were restricted from that page receive email notification about the page was deleted. h3. h3. Steps to replicate Create 2 users with the name User A and User B. User A created a space called Notification and created a page called Testing. User A...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/03/02 3:36 p.m.60 views

Responses with Set-Cookie header cached

h3. Context We have Jira running with SSO from Crowd. Jira is behind a corporate reverse proxy from BlueCoat which has caching enabled but respects the Cache-control, Expire and Pragma HTTP headers. h3. Problem We have discovered following cases of sessions mix up where a user \1 get the Crowd...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/10 4:14 a.m.60 views

The JIRA/Crowd applications fail to properly sanitize user input in the query string of the website or in the value of a parameter

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-29640. panel We need to avoid Cross-site Scripting vulnerabilities. A function should be created to provide server side and client side inpu...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2024/02/14 10:45 a.m.59 views

DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server

This High severity org.json:json Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS...

7.5CVSS7.1AI score0.01449EPSS
Exploits1
Atlassian
Atlassian
added 2023/11/22 6:44 a.m.59 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Vulnerability in Crowd Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 5.2.0, 5.1.5, 5.0.7, 4.4.5, and other older versions of Crowd Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.2AI score0.99999EPSS
Exploits19
Atlassian
Atlassian
added 2023/09/18 9:40 p.m.59 views

org.apache.tomcat:tomcat-catalina Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.2.2, 9.2.3 and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticat...

7.5CVSS7.3AI score0.46836EPSS
Exploits1
Atlassian
Atlassian
added 2023/06/29 2:27 p.m.59 views

Injection, RCE (Remote Code Execution) in Bamboo

This High severity Injection and RCE Remote Code Execution vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE Remote Code Execution vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions take...

8.8CVSS9.4AI score0.01805EPSS
Exploits0
Atlassian
Atlassian
added 2023/01/12 9:57 a.m.59 views

Bump jackson-databind dependency to 2.13.4.2

Embedded Crowd library has transitive dependency to vulnerable library code:java com.fasterxml.jackson.core:jackson-databind:jar:2.12.1 - CVE-2020-36518code It is being included through Crowd dependency to com.microsoft.azure:msal4j:jar:1.11.0 The affected versions are before version 5.0.4...

7.5CVSS5AI score0.0486EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2021/11/30 6:48 p.m.59 views

Email Template Injection to RCE - CVE-2021-43947

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution RCE vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665...

9CVSS5.1AI score0.04117EPSS
Exploits0
Atlassian
Atlassian
added 2021/10/25 1:13 a.m.59 views

Reflected XSS /secure/admin/ImporterFinishedPage.jspa via error message - CVE-2021-41304

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from...

6.1CVSS5AI score0.00848EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/04/16 6:36 p.m.59 views

XSS in the review resource through objectives - CVE-2020-4013

The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting XSS vulnerability through the review objectives...

5.4CVSS4.4AI score0.00628EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/03/30 6:13 p.m.59 views

IDOR Disclosure of Private Project Titles

h3. Issue Summary Prerequisite:- Make sure to edit the hosts file in Linux located at /etc/hosts/ adding an entry as jira.hack Setup jira and create a new user account which can be achieved by navigating to User Management Users Create User and setting the Application Access to Jira-core. ...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/09/12 6:27 a.m.59 views

CVE-2016-6668 - The HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance.

The HipChat for JIRA plugin exposed the secret key it used to communicate with a linked HipChat service in various pages. For this vulnerability to affect your JIRA instance you must have a HipChat integration established. To exploit this issue in JIRA versions 7.0.0 and higher, attackers need to...

7.5CVSS1AI score0.03743EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/07/07 12:32 a.m.59 views

CVE-2016-4319: /auditing/settings was vulnerable to CSRF

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-61803. panel The /auditing/settings resource was vulnerable to CSRF|https://en.wikipedia.org/wiki/Cross-siterequestforgery attacks...

8.8CVSS1.8AI score0.00666EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2024/04/12 12:13 a.m.58 views

Improper Authorization org.springframework.security:spring-security-core Dependency in Bitbucket Data Center and Server

This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data...

8.2CVSS8AI score0.00948EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/11 8:11 a.m.58 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bamboo Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0 and 9.5.0 of Bamboo Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.1CVSS7.9AI score0.03967EPSS
Exploits1
Atlassian
Atlassian
added 2024/04/09 1:45 a.m.58 views

Improper Authorization org.springframework.security:spring-security-core Dependency in Crowd Data Center and Server

This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.springframework.security:spring-security-core Dependency vulnerability, with a CVSS Score of 8.2 and a CVSS...

8.2CVSS6.6AI score0.00948EPSS
Exploits0
Atlassian
Atlassian
added 2024/03/14 5:46 a.m.58 views

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bamboo Data Center and Server

This unexploitable Critical severity vulnerability has a lower assessed risk by Atlassian, as a result it's disclosed in the Monthly Security Bulletin instead of a Critical Security Advisory. Bamboo & Other Atlassian Data Center products are unaffected by this vulnerability as they do not use the...

10CVSS7.6AI score0.0481EPSS
Exploits0
Atlassian
Atlassian
added 2023/02/03 5:50 a.m.58 views

Jira Server/DC impacted by CVE-2022-22970 & CVE-2022-22971 via vulnerable version of Spring framework

Jira is not impacted no action is required as the vulnerability +cannot be exploited+. All Jira versions below 9.6 uses an affected version of Spring Framework, reason why the JRASERVER-74776 was published, however Jira +does not use the affected methods from the Spring+, hence +is not impacted+:...

6.5CVSS6.2AI score0.03126EPSS
Exploits1
Atlassian
Atlassian
added 2022/06/06 6:20 a.m.58 views

RCE in Confluence DataCenter via HazelCast(Confluence) Port

Summary A remote attacker who can connect to the Hazelcast service, running on port 5801 and potentially 5701, is able to execute arbitrary code on all the nodes in a Confluence Data Center through Java deserialization. Vulnerability Details Confluence Data Center uses the third-party software...

8.1CVSS4.6AI score0.03711EPSS
Exploits1
Atlassian
Atlassian
added 2021/11/30 6:48 p.m.58 views

Denial of service via an OutOfMemoryError (Tomcat CVE-2021-42340)

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to impact the application's availability via CVE-2021-42340, a Denial of Service DoS vulnerability in Apache Tomcat. The affected versions of Atlassian Jira Server and Data Center are before version 8.21.0...

7.5CVSS5.2AI score0.10997EPSS
Exploits0
Atlassian
Atlassian
added 2021/09/10 4:35 a.m.58 views

XStream upgrade to 1.4.18

h3. Problem XStream is vulnerable to security exploits such as highlighted in the image attached. i The list of CVEs can be found in https://x-stream.github.io/security.html This ticket tracks its upgrade to 1.4.18. h3. Environment Confluence v7.13 h3. Workaround Set...

8.8CVSS0.1AI score0.16118EPSS
Exploits2Affected Software1
Atlassian
Atlassian
added 2020/11/19 12:28 a.m.58 views

Information disclosure of product SEN via the x-asen response header - CVE-2020-14192

Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed versions:...

4.3CVSS5.1AI score0.00868EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/04/16 6:41 p.m.58 views

XSS in the review resource through objectives - CVE-2020-4013

The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting XSS vulnerability through the review objectives...

5.4CVSS4.4AI score0.00628EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/01/30 10:24 p.m.58 views

JMX monitoring flag in Jira was vulnerable to XSRF/CSRF - CVE-2019-20405

The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery CSRF vulnerability...

4.3CVSS5.4AI score0.00552EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/05/28 6:58 p.m.58 views

Remote code execution vulnerability for Sourcetree for Windows - CVE-2019-11582

There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution o...

9.3CVSS4.6AI score0.04936EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2024/04/12 1:11 a.m.57 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bamboo Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vect...

8.1CVSS7.9AI score0.03967EPSS
Exploits1
Atlassian
Atlassian
added 2024/04/10 7:45 a.m.57 views

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Jira Software Data Center and Server

This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. Jira Software Data Center is unaffected by...

10CVSS9.7AI score0.0481EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/12 1:45 p.m.57 views

DoS (Denial of Service) org.jsoup:jsoup in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.5AI score0.06873EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/03 12:45 a.m.57 views

Request Smuggling org.apache.tomcat:tomcat-coyote in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in version 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an unauthenticated attacker t...

7.5CVSS7.1AI score0.01448EPSS
Exploits0
Atlassian
Atlassian
added 2023/03/27 12:10 p.m.57 views

Upgrade Tomcat for CVE-2023-28708

h3. Issue Summary The version of Tomcat bundled in Jira is affected by CVE-2023-28708|https://nvd.nist.gov/vuln/detail/CVE-2023-28708 as described below: quote When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https...

4.3CVSS4.8AI score0.01831EPSS
Exploits0
Atlassian
Atlassian
added 2022/07/05 4:54 p.m.57 views

Fisheye: Multiple Servlet Filter Vulnerabilities

Multiple Servlet Filter vulnerabilities have been fixed in Fisheye. These vulnerabilities also affect other Atlassian products. For more information, refer to Atlassian's security...

9.8CVSS1.8AI score0.04244EPSS
Exploits0
Atlassian
Atlassian
added 2022/06/20 8:44 p.m.57 views

Rest API Endpoint Leaked Project Categories, Project categories, status categories, issue link types, priorities, and resolutions to Unauthorised users

Affected versions of Atlassian Jira Server and Data Center allows an Un-Authenticated attacker to view Project categories, status categories, issue link types, priorities, and resolutions via an Information Disclosure vulnerability on the following Endpoints: /rest/api/2/issueLinkType...

6.5AI score
Exploits0
Atlassian
Atlassian
added 2022/03/24 6:7 p.m.57 views

Confluence Data Center - Java Deserialization Vulnerability In Hazelcast - CVE-2016-10750

h3. Vulnerability Details Confluence Data Center uses the third-party software Hazelcast, which is vulnerable to Java deserialization attacks CVE-2016-10750|https://vulners.com/cve/CVE-2016-10750. Hazelcast provides functionality needed to run Confluence Data Center as a cluster. A remote,...

9.8CVSS2.9AI score0.71092EPSS
Exploits4
Atlassian
Atlassian
added 2021/11/30 6:48 p.m.57 views

Reflected XSS via /rest/collectors/1.0/template/custom - CVE-2021-43942

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting XSS vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting...

3.7AI score0.55364EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/10/18 4:31 a.m.57 views

Anonymous user can view names of private projects and filters via IDOR in Workload Pie Chart Gadget - CVE-2021-41307

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References IDOR vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.1...

7.5CVSS5.8AI score0.01621EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/03/23 11:23 p.m.57 views

Username Enumeration through the render api resource - CVE-2020-36238

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. Affected...

5.3CVSS6AI score0.03012EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2021/02/16 11:35 p.m.57 views

DOM XSS in the issue navigation & search view via parameter pollution - CVE-2020-36288

The issue navigation & search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting XSS vulnerability caused b...

6.1CVSS3.2AI score0.01519EPSS
Exploits0Affected Software1
Total number of security vulnerabilities4295