Jira Software Data Center Security Vulnerabilities and Issues — Jira Software Data Center CVE List

Lucene search

AtlassianJira Software Data Center

9 matches found

CVE•added 2021/02/15 12:15 a.m.•91 views

CVE-2020-36236

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6...

6.1CVSS5.8AI score0.0047EPSS

CVE•added 2020/07/01 2:15 a.m.•79 views

CVE-2020-4022

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart con...

6.1CVSS5.8AI score0.00405EPSS

CVE•added 2021/10/26 5:15 a.m.•72 views

CVE-2021-41308

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the ReplicationSettings!default.jspa endpoint. The affected versions are before version 8.6.0, fro...

6.5CVSS6.3AI score0.00243EPSS

CVE•added 2020/07/01 2:15 a.m.•69 views

CVE-2020-14169

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability

6.1CVSS5.9AI score0.00334EPSS

CVE•added 2020/07/01 2:15 a.m.•58 views

CVE-2020-14164

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.

6.1CVSS6AI score0.00389EPSS

CVE•added 2020/07/03 1:15 a.m.•54 views

CVE-2019-20418

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0.

6.5CVSS6.4AI score0.00419EPSS

CVE•added 2020/06/29 6:15 a.m.•52 views

CVE-2019-20410

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 b...

6.5CVSS6.1AI score0.00529EPSS

CVE•added 2021/11/01 11:15 p.m.•51 views

CVE-2021-41310

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are befor...

6.1CVSS5.9AI score0.00389EPSS

CVE•added 2020/07/13 1:15 a.m.•50 views

CVE-2019-20897

The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.

6.5CVSS6.2AI score0.0083EPSS