Vulnerabilities > Atlassian > Jira Server > 8.13.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-20 | CVE-2021-26082 | Cross-site Scripting vulnerability in Atlassian products The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability. | 5.4 |
| 2021-07-20 | CVE-2021-26083 | Cross-site Scripting vulnerability in Atlassian products Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2021-06-07 | CVE-2021-26078 | Cross-site Scripting vulnerability in Atlassian Data Center and Jira The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 6.1 |
| 2021-06-07 | CVE-2021-26079 | Cross-site Scripting vulnerability in Atlassian products The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 6.1 |
| 2021-06-07 | CVE-2021-26080 | Cross-site Scripting vulnerability in Atlassian Jira Data Center and Jira Server EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 6.1 |
| 2021-05-12 | CVE-2020-36289 | Incorrect Authorization vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. | 5.3 |
| 2021-04-01 | CVE-2021-26071 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian products The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability. | 3.5 |
| 2021-04-01 | CVE-2020-36286 | Unspecified vulnerability in Atlassian products The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field. | 5.3 |
| 2021-04-01 | CVE-2020-36238 | Missing Authorization vulnerability in Atlassian products The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. | 5.3 |