Vulnerabilities > Atlassian > Jira Server > 8.13.5

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-26086 Path Traversal vulnerability in Atlassian Jira Data Center
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
network
low complexity
atlassian CWE-22
5.0
5.0
2021-07-20 CVE-2021-26081 Unspecified vulnerability in Atlassian products
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
network
low complexity
atlassian
5.0
5.0
2021-07-20 CVE-2021-26082 Cross-site Scripting vulnerability in Atlassian products
The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability.
network
atlassian CWE-79
3.5
3.5
2021-07-20 CVE-2021-26083 Cross-site Scripting vulnerability in Atlassian products
Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.
network
atlassian CWE-79
3.5
3.5
2021-06-07 CVE-2021-26078 Cross-site Scripting vulnerability in Atlassian Data Center and Jira
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
network
atlassian CWE-79
4.3
4.3
2021-06-07 CVE-2021-26079 Cross-site Scripting vulnerability in Atlassian products
The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
network
atlassian CWE-79
4.3
4.3
2021-06-07 CVE-2021-26080 Cross-site Scripting vulnerability in Atlassian Jira Data Center and Jira Server
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
network
atlassian CWE-79
4.3
4.3