Vulnerabilities > Atlassian > Jira Server > 8.6.0

DATE CVE VULNERABILITY TITLE RISK
2021-09-08 CVE-2021-39116 Unspecified vulnerability in Atlassian Jira Data Center
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component.
network
atlassian
4.3
4.3
2021-08-30 CVE-2021-39111 Cross-site Scripting vulnerability in Atlassian products
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.
network
atlassian CWE-79
4.3
4.3
2021-08-25 CVE-2021-39112 Open Redirect vulnerability in Atlassian products
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature.
network
atlassian CWE-601
4.9
4.9
2021-08-16 CVE-2021-26086 Path Traversal vulnerability in Atlassian Jira Data Center
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
network
low complexity
atlassian CWE-22
5.0
5.0
2021-07-20 CVE-2021-26081 Unspecified vulnerability in Atlassian products
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
network
low complexity
atlassian
5.0
5.0
2021-07-20 CVE-2021-26082 Cross-site Scripting vulnerability in Atlassian products
The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability.
network
atlassian CWE-79
3.5
3.5
2021-07-20 CVE-2021-26083 Cross-site Scripting vulnerability in Atlassian products
Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.
network
atlassian CWE-79
3.5
3.5
2021-06-07 CVE-2021-26078 Cross-site Scripting vulnerability in Atlassian Data Center and Jira
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
network
atlassian CWE-79
4.3
4.3
2021-06-07 CVE-2021-26079 Cross-site Scripting vulnerability in Atlassian products
The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
network
atlassian CWE-79
4.3
4.3
2021-06-07 CVE-2021-26080 Cross-site Scripting vulnerability in Atlassian Jira Data Center and Jira Server
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
network
atlassian CWE-79
4.3
4.3