Vulnerabilities > Atlassian > Jira > 8.5.5

DATE CVE VULNERABILITY TITLE RISK
2021-02-15 CVE-2020-36236 Cross-site Scripting vulnerability in Atlassian products
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints.
network
low complexity
atlassian CWE-79
6.1
6.1
2021-02-15 CVE-2020-36235 Unspecified vulnerability in Atlassian Jira
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view.
network
low complexity
atlassian
5.3
5.3
2021-02-15 CVE-2020-36234 Cross-site Scripting vulnerability in Atlassian products
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view.
network
low complexity
atlassian CWE-79
4.8
4.8
2021-02-02 CVE-2020-36231 Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability.
network
low complexity
atlassian CWE-639
4.3
4.3
2020-10-12 CVE-2020-14184 Cross-site Scripting vulnerability in Atlassian Jira
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files.
network
low complexity
atlassian CWE-79
5.4
5.4
2020-07-13 CVE-2019-20898 Unspecified vulnerability in Atlassian Jira Software Data Center
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen.
network
low complexity
atlassian
7.5
7.5
2020-07-03 CVE-2019-20418 Unspecified vulnerability in Atlassian Jira Software Data Center
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint.
network
low complexity
atlassian
6.5
6.5
2020-07-01 CVE-2020-14169 Cross-site Scripting vulnerability in Atlassian Jira
The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability
network
low complexity
atlassian CWE-79
6.1
6.1
2020-07-01 CVE-2020-14165 Unspecified vulnerability in Atlassian Jira
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.
network
low complexity
atlassian
5.3
5.3
2020-07-01 CVE-2020-14164 Cross-site Scripting vulnerability in Atlassian Jira
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.
network
low complexity
atlassian CWE-79
6.1
6.1