Vulnerabilities > Atlassian > Jira Data Center > 8.8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-39111 | Cross-site Scripting vulnerability in Atlassian products The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field. | 4.3 |
| 2021-08-25 | CVE-2021-39112 | Open Redirect vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. | 4.9 |
| 2021-08-16 | CVE-2021-26086 | Path Traversal vulnerability in Atlassian Jira Data Center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. | 5.0 |
| 2021-07-20 | CVE-2021-26081 | Unspecified vulnerability in Atlassian products REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint. | 5.0 |
| 2021-07-20 | CVE-2021-26082 | Cross-site Scripting vulnerability in Atlassian products The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability. | 3.5 |
| 2021-07-20 | CVE-2021-26083 | Cross-site Scripting vulnerability in Atlassian products Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | 3.5 |
| 2021-06-07 | CVE-2021-26079 | Cross-site Scripting vulnerability in Atlassian products The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 4.3 |
| 2021-06-07 | CVE-2021-26080 | Cross-site Scripting vulnerability in Atlassian Jira Data Center and Jira Server EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 4.3 |
| 2021-05-12 | CVE-2020-36289 | Information Exposure vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. | 5.0 |
| 2021-04-15 | CVE-2021-26076 | Unspecified vulnerability in Atlassian products The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn which mode a user is editing in due to the cookie not being set with a secure attribute if Jira was configured to use https. network atlassian | 4.3 |