← back
CVE-2021-26078

CVE-2021-26078

EPSS 3.8%
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
Affected products
Atlassian · Jira Data CenterAtlassian · Jira Server
public PoCs found2
cve_referencepacketstormsecurity.com/files/163289/Atlassian-Jira-Server-Data-Center-8.16.0-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50068unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/163289/Atlassian-Jira-Server-Data-Center-8.16.0-Cross-Site-Scripting.htmlhttps://jira.atlassian.com/browse/JRASERVER-72392