Product:

Jira

(Atlassian)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 143
Date Id Summary Products Score Patch Annotated
2020-07-01 CVE-2020-14164 The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field. Jira, Jira_software_data_center 6.1
2020-07-01 CVE-2020-14165 The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability. Jira, Jira_software_data_center 5.3
2020-07-01 CVE-2020-14167 The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability. Jira, Jira_data_center, Jira_server, Jira_software_data_center 7.5
2020-07-01 CVE-2020-14168 The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability. Jira, Jira_data_center, Jira_server, Jira_software_data_center 5.9
2020-07-01 CVE-2020-14169 The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability Jira, Jira_software_data_center 6.1
2020-07-01 CVE-2020-4022 The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type. Jira, Jira_data_center, Jira_server, Jira_software_data_center 6.1
2020-07-01 CVE-2020-4024 The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type. Jira, Jira_data_center, Jira_server, Jira_software_data_center 5.4
2020-07-01 CVE-2020-4025 The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type. Jira, Jira_data_center, Jira_server, Jira_software_data_center 4.8
2020-07-01 CVE-2020-4029 The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability. Jira, Jira_data_center, Jira_server, Jira_software_data_center 4.3
2020-07-03 CVE-2020-14172 This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability. The affected versions are before version 7.13.0, from version 8.0.0 before... Jira, Jira_software_data_center 9.8