• 3.5
    • Low
    • CVE-2021-26082

      Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in XML Export.

      The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0.

      *Affected versions:*

      • version < 8.5.14
      • 8.6.0 ≀ version < 8.13.6
      • 8.14.0 ≀ version < 8.17.0

      *Fixed versions:*

      • 8.5.14
      • 8.13.6
      • 8.17.0

            [JRASERVER-72393] Stored XSS on Jira Issue XML Export - CVE-2021-26082

            This is an independent assessment and you should evaluate its applicability to your own IT environment.

            CVSS v3 score: 3.5 => Low severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required Low
            User Interaction Required

            Scope Metric

            Scope Unchanged

            Impact Metrics

            Confidentiality None
            Integrity Low
            Availability None

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

            Jamal Hopwood πŸ™ added a comment - This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 3.5 => Low severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required Low User Interaction Required Scope Metric Scope Unchanged Impact Metrics Confidentiality None Integrity Low Availability None https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

              8720c7add7cc Jamal Hopwood πŸ™
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: