Vulnerabilities > Atlassian > Jira Data Center > 8.13.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-10 | CVE-2022-36801 | Cross-site Scripting vulnerability in Atlassian Jira Data Center Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. | 6.1 |
| 2022-08-01 | CVE-2022-36799 | Code Injection vulnerability in Atlassian Jira Data Center and Jira Server This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. | 7.2 |
| 2022-07-20 | CVE-2022-26136 | Improper Authentication vulnerability in Atlassian products A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. | 9.8 |
| 2022-07-20 | CVE-2022-26137 | Origin Validation Error vulnerability in Atlassian products A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. | 8.8 |
| 2022-06-30 | CVE-2022-26135 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian products A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. | 6.5 |
| 2022-04-20 | CVE-2022-0540 | Unspecified vulnerability in Atlassian Jira Data Center and Jira Service Management A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. | 9.8 |
| 2022-03-08 | CVE-2021-43944 | Code Injection vulnerability in Atlassian Jira Server This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. | 7.2 |
| 2022-02-15 | CVE-2021-43952 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. | 4.3 |
| 2022-01-05 | CVE-2021-43946 | Unspecified vulnerability in Atlassian Jira Data Center Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. | 6.5 |
| 2021-11-01 | CVE-2021-41313 | Unspecified vulnerability in Atlassian Jira Server Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. | 4.3 |