First published: Mon Nov 01 2021
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Jira Software Data Center | < 8.5.19 | Upgrade to 8.5.19 or later |
| Atlassian Jira Software Data Center | >= 8.6.0, < 8.13.11 | Upgrade to 8.13.11 or later |
| Atlassian Jira Software Data Center | >= 8.14.0, < 8.19.1 | Upgrade to 8.19.1 or later |
CVE-2021-41310 is a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature of Atlassian Jira Server and Data Center.
Anonymous remote attackers can exploit CVE-2021-41310 by injecting arbitrary HTML or JavaScript through the affected feature.
Affected versions of Atlassian Jira Server and Data Center are those before 8.5.19, from 8.6.0 before 8.13.11, and from 8.14.0 before 8.19.1.
CVE-2021-41310 has a severity rating of 6.1 (Medium).
Atlassian has released patches to address the vulnerability; upgrading to a fixed version of Atlassian Jira Software Data Center is recommended.
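As an added illustration that is not part of the SecAlerts advisory or Atlassian's own tooling, the following Python helper encodes the three affected ranges stated above and reports whether a given Jira Server/Data Center version string falls inside one of them, and which release on that branch is the first one outside the affected range (8.5.19, 8.13.11 or 8.19.1). The dotted numeric version format, the padding of short versions such as "8.5" to "8.5.0", and the function names are assumptions made for this example.

```python
# Added example, not from the advisory: classify a Jira Server/Data Center
# version against the CVE-2021-41310 affected ranges quoted on the page.
from typing import Optional, Tuple

# Ranges exactly as the advisory states them:
# (lower bound inclusive, or None for "any earlier version"; upper bound exclusive).
AFFECTED_RANGES = [
    (None, "8.5.19"),      # before 8.5.19
    ("8.6.0", "8.13.11"),  # from 8.6.0 before 8.13.11
    ("8.14.0", "8.19.1"),  # from 8.14.0 before 8.19.1
]


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '8.13.2' into (8, 13, 2); short strings like '8.5' are padded
    with zeros (an assumption of this example), anything non-numeric is rejected."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts) or len(parts) > 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = [int(p) for p in parts]
    numbers += [0] * (3 - len(numbers))
    return numbers[0], numbers[1], numbers[2]


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first release outside the affected range that contains
    `version`, or None if `version` is not in any affected range."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if low is not None and v < parse_version(low):
            continue  # older than this range's branch start
        if v < parse_version(high):
            return high  # inside [low, high)
    return None


def is_affected(version: str) -> bool:
    """True when `version` lies in one of the advisory's affected ranges."""
    return fixed_version_for(version) is not None


if __name__ == "__main__":
    # Constructed sample inventory, as an asset-management report might list it.
    inventory = ["7.13.0", "8.5.18", "8.5.19", "8.13.2", "8.14.0", "8.19.1", "8.20.0"]
    for ver in inventory:
        target = fixed_version_for(ver)
        status = f"affected, upgrade to {target} or later" if target else "not in affected ranges"
        print(f"Jira {ver}: {status}")
```

Boundary handling is the point worth checking: 8.5.19, 8.13.11 and 8.19.1 are the first releases outside their respective ranges and so report as not affected, while 8.5.18, 8.13.10 and 8.19.0 do. A version such as 8.5.20 is also outside the ranges because the second range starts at 8.6.0.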