-
Public Security Vulnerability
-
Resolution: Fixed
-
Low (View bug fix roadmap)
-
8.5.13, 8.13.5, 8.16.0
-
None
-
3.5
-
Low
-
CVE-2021-26082
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in XML Export.
The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0.
*Affected versions:*
- version < 8.5.14
- 8.6.0 β€ version < 8.13.6
- 8.14.0 β€ version < 8.17.0
*Fixed versions:*
- 8.5.14
- 8.13.6
- 8.17.0
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 3.5 => Low severity
Exploitability Metrics
Scope Metric
Impact Metrics
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N