-
Public Security Vulnerability
-
Resolution: Fixed
-
Low
-
8.13.11, 8.19.1
-
None
-
4.2
-
Medium
-
CVE-2021-41304
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message.
The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.2.
Affected versions:
- version < 8.13.12
- 8.14.0 ≤ version < 8.20.2
Fixed versions:
- 8.13.12
- 8.20.2
- 8.21.0