CVE-2021-41304: XSS
First published: Tue Oct 26 2021(Updated: )
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Data Center | <8.13.12 | |
| Atlassian JIRA | <8.13.12 | |
| Atlassian Jira Data Center | >=8.14.0<8.20.2 | |
| Atlassian Jira Server | >=8.14.0<8.20.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-41304.
Which versions of Atlassian Jira Server and Data Center are affected by this vulnerability?
The affected versions are before version 8.13.12.
How does this vulnerability affect Atlassian Jira Server and Data Center?
This vulnerability allows anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message.
What is the severity of CVE-2021-41304?
The severity of CVE-2021-41304 is medium (6.1).
How can I fix this vulnerability?
To fix this vulnerability, update Atlassian Jira Server and Data Center to version 8.13.12 or higher.
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian data center
- canonical/atlassian jira
- canonical/atlassian jira data center
- version/atlassian jira data center/8.14.0
- canonical/atlassian jira server
- version/atlassian jira server/8.14.0