CVE-2021-26082: XSS
First published: Tue Jul 20 2021(Updated: )
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Data Center | <8.5.14 | |
| Atlassian JIRA | <8.5.14 | |
| Atlassian Jira Data Center | >=8.6.0<8.13.6 | |
| Atlassian Jira Data Center | >=8.14.0<8.17.0 | |
| Atlassian Jira Server | >=8.6.0<8.13.6 | |
| Atlassian Jira Server | >=8.14.0<8.17.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-26082?
CVE-2021-26082 is a vulnerability in Atlassian Jira Server and Jira Data Center that allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross-site scripting vulnerability.
How does CVE-2021-26082 affect Atlassian Jira?
CVE-2021-26082 affects Atlassian Jira Server and Jira Data Center versions before 8.5.14, versions 8.6.0 to 8.13.6, and versions 8.14.0 to 8.17.0.
What is the severity of CVE-2021-26082?
CVE-2021-26082 has a severity rating of medium with a CVSS score of 5.4.
How can I fix CVE-2021-26082?
To fix CVE-2021-26082, you should upgrade to Atlassian Jira Server or Jira Data Center version 8.5.14 or later.
Where can I find more information about CVE-2021-26082?
You can find more information about CVE-2021-26082 at the Atlassian Jira Server and Jira Data Center issue tracker: https://jira.atlassian.com/browse/JRASERVER-72393
- collector/nvd-index
- vendor/atlassian
- product/data center
- canonical/atlassian data center
- product/jira
- canonical/atlassian jira
- product/jira data center
- canonical/atlassian jira data center
- product/jira server
- canonical/atlassian jira server