Vulnerabilities > Atlassian > Jira Data Center > 8.16.0

DATE CVE VULNERABILITY TITLE RISK
2021-07-20 CVE-2021-26081 Unspecified vulnerability in Atlassian products
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
network
low complexity
atlassian
5.3
5.3
2021-07-20 CVE-2021-26082 Cross-site Scripting vulnerability in Atlassian products
The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability.
network
low complexity
atlassian CWE-79
5.4
5.4
2021-07-20 CVE-2021-26083 Cross-site Scripting vulnerability in Atlassian products
Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.
network
low complexity
atlassian CWE-79
5.4
5.4
2021-06-07 CVE-2021-26079 Cross-site Scripting vulnerability in Atlassian products
The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
network
low complexity
atlassian CWE-79
6.1
6.1
2021-06-07 CVE-2021-26080 Cross-site Scripting vulnerability in Atlassian Jira Data Center and Jira Server
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
network
low complexity
atlassian CWE-79
6.1
6.1