Vulnerabilities > Atlassian > Jira Software Data Center > 7.11.1

DATE CVE VULNERABILITY TITLE RISK
2020-07-01 CVE-2020-4025 Cross-site Scripting vulnerability in Atlassian products
The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type.
network
atlassian CWE-79
3.5
3.5
2020-07-01 CVE-2020-4024 Cross-site Scripting vulnerability in Atlassian products
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.
network
atlassian CWE-79
3.5
3.5
2020-07-01 CVE-2020-4022 Cross-site Scripting vulnerability in Atlassian products
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.
network
atlassian CWE-79
4.3
4.3
2020-07-01 CVE-2020-14169 Cross-site Scripting vulnerability in Atlassian Jira
The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability
network
atlassian CWE-79
4.3
4.3
2020-07-01 CVE-2020-14168 Unspecified vulnerability in Atlassian products
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability.
network
atlassian
4.3
4.3
2020-07-01 CVE-2020-14167 Unspecified vulnerability in Atlassian products
The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability.
network
low complexity
atlassian
5.0
5.0
2020-07-01 CVE-2020-14165 Incorrect Authorization vulnerability in Atlassian Jira
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.
network
low complexity
atlassian CWE-863
5.0
5.0
2020-07-01 CVE-2020-14164 Cross-site Scripting vulnerability in Atlassian Jira
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.
network
atlassian CWE-79
4.3
4.3
2020-06-30 CVE-2019-20416 Cross-site Scripting vulnerability in Atlassian Jira and Jira Software Data Center
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. 		3.5
3.5
2020-06-30 CVE-2019-20415 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian products
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability.
network
atlassian CWE-352
4.3
4.3