Every CVE whose affected-product data names Atlassian Jira, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (142)
CVE-2017-5983 — CVSS 9.8 (critical): The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote…
CVE-2020-14172 — CVSS 9.8 (critical): This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been…
CVE-2019-20409 — CVSS 9.8 (critical): The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to…
CVE-2012-2926 — CVSS 9.1 (critical): Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6…
CVE-2010-1165 — CVSS 9.0 (critical): Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka…
CVE-2017-18113 — CVSS 8.8 (high): The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a…
CVE-2019-8443 — CVSS 8.1 (high): The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version…
CVE-2019-20898 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being…
CVE-2021-41307 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and…
CVE-2019-20413 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of…
CVE-2021-41306 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an…
CVE-2021-39123 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability…
CVE-2021-41305 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and…
CVE-2018-5231 — CVSS 7.5 (high): The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before…
CVE-2020-14167 — CVSS 7.5 (high): The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2…
CVE-2021-39113 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after…
CVE-2007-6619 — CVSS 7.5 (high): The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete…
CVE-2020-14178 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure…
CVE-2021-41312 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service…
CVE-2019-8442 — CVSS 7.5 (high): The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version…
CVE-2019-3399 — CVSS 7.5 (high): The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see…
CVE-2021-26070 — CVSS 7.2 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked…
CVE-2021-43947 — CVSS 7.2 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code…
CVE-2008-6531 — CVSS 6.8 (medium): The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a…
CVE-2019-20418 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an…
CVE-2019-11587 — CVSS 6.5 (medium): Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version…
CVE-2017-18101 — CVSS 6.5 (medium): Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version…
CVE-2019-20897 — CVSS 6.5 (medium): The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of…
CVE-2019-20410 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information…
CVE-2019-11583 — CVSS 6.5 (medium): The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service…
CVE-2017-18033 — CVSS 6.5 (medium): The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing…
CVE-2021-41308 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File…
CVE-2012-2928 — CVSS 6.4 (medium): The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of…
CVE-2021-26078 — CVSS 6.1 (medium): The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6…
CVE-2020-4022 — CVSS 6.1 (medium): The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before…
CVE-2016-6285 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote…
CVE-2017-14594 — CVSS 6.1 (medium): The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote…
CVE-2021-41304 — CVSS 6.1 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a…
CVE-2017-16863 — CVSS 6.1 (medium): The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site…
CVE-2017-16864 — CVSS 6.1 (medium): The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross…
CVE-2017-18039 — CVSS 6.1 (medium): The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML…
CVE-2017-18098 — CVSS 6.1 (medium): The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a…
CVE-2017-18100 — CVSS 6.1 (medium): The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a…
CVE-2018-13387 — CVSS 6.1 (medium): The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0…
CVE-2018-13395 — CVSS 6.1 (medium): Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5…
CVE-2018-13401 — CVSS 6.1 (medium): The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before…
CVE-2018-13402 — CVSS 6.1 (medium): Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5…
CVE-2018-20824 — CVSS 6.1 (medium): The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site…
CVE-2018-5230 — CVSS 6.1 (medium): The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version…
CVE-2018-5232 — CVSS 6.1 (medium): The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to…
CVE-2019-11584 — CVSS 6.1 (medium): The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross…
CVE-2019-11585 — CVSS 6.1 (medium): The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version…
CVE-2021-39111 — CVSS 6.1 (medium): The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before…
CVE-2019-20901 — CVSS 6.1 (medium): The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users…
CVE-2019-3402 — CVSS 6.1 (medium): The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to…
CVE-2020-14164 — CVSS 6.1 (medium): The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or…
CVE-2020-14169 — CVSS 6.1 (medium): The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or…
CVE-2021-26079 — CVSS 6.1 (medium): The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version…
CVE-2020-36236 — CVSS 6.1 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site…
CVE-2020-36288 — CVSS 6.1 (medium): The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and…
CVE-2017-18104 — CVSS 5.9 (medium): The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are…
CVE-2020-14168 — CVSS 5.9 (medium): The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0…
CVE-2018-13403 — CVSS 5.4 (medium): The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from…
CVE-2020-4021 — CVSS 5.4 (medium): Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject…
CVE-2020-14184 — CVSS 5.4 (medium): Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS)…
CVE-2019-20414 — CVSS 5.4 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site…
CVE-2020-4024 — CVSS 5.4 (medium): The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before…
CVE-2021-26082 — CVSS 5.4 (medium): The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version…
CVE-2021-26083 — CVSS 5.4 (medium): Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version…
CVE-2018-20827 — CVSS 5.4 (medium): The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site…
CVE-2018-20232 — CVSS 5.4 (medium): The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to…
CVE-2020-14173 — CVSS 5.4 (medium): The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or…
CVE-2012-1500 — CVSS 5.4 (medium): Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script…
CVE-2017-18097 — CVSS 5.4 (medium): The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to…
CVE-2020-14165 — CVSS 5.3 (medium): The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain…
CVE-2020-36286 — CVSS 5.3 (medium): The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from…
CVE-2020-36287 — CVSS 5.3 (medium): The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5…
CVE-2020-4028 — CVSS 5.3 (medium): Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in…
CVE-2020-14181 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure…
CVE-2020-14185 — CVSS 5.3 (medium): Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the…
CVE-2021-26069 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate…
CVE-2021-39118 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an…
CVE-2021-39119 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue…
CVE-2020-36235 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names…
CVE-2019-20101 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access…
CVE-2021-39122 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information…
CVE-2019-20412 — CVSS 5.3 (medium): The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the…
CVE-2021-26081 — CVSS 5.3 (medium): REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0…
CVE-2021-39125 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an…
CVE-2021-39127 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a…
CVE-2018-13391 — CVSS 5.3 (medium): The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before…
CVE-2019-20899 — CVSS 5.3 (medium): The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated…
CVE-2020-36289 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure…
CVE-2019-3401 — CVSS 5.3 (medium): The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to…
CVE-2020-36237 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an…
CVE-2019-3403 — CVSS 5.3 (medium): The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0…
CVE-2017-16865 — CVSS 5.3 (medium): The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via…
CVE-2019-8449 — CVSS 5.3 (medium): The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an…
CVE-2020-36238 — CVSS 5.3 (medium): The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from…
CVE-2019-20408 — CVSS 5.3 (medium): The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal…
CVE-2006-3339 — CVSS 5.0 (medium): secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified…
CVE-2007-6618 — CVSS 5.0 (medium): JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.
CVE-2019-20402 — CVSS 4.9 (medium): Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without…
CVE-2021-39117 — CVSS 4.8 (medium): The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary…
CVE-2016-4318 — CVSS 4.8 (medium): Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
CVE-2019-20416 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site…
CVE-2020-36234 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site…
CVE-2020-4025 — CVSS 4.8 (medium): The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and…
CVE-2021-39112 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse…
CVE-2021-43945 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject…
CVE-2019-20100 — CVSS 4.7 (medium): The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all…
CVE-2018-13400 — CVSS 4.7 (medium): Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before…
CVE-2020-14183 — CVSS 4.3 (medium): Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's…
CVE-2020-14174 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure…
CVE-2019-20415 — CVSS 4.3 (medium): Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a…
CVE-2019-20411 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request…
CVE-2019-20106 — CVSS 4.3 (medium): Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before…
CVE-2020-36231 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have…
CVE-2021-26075 — CVSS 4.3 (medium): The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before…
CVE-2021-43953 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU…
CVE-2020-4029 — CVSS 4.3 (medium): The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before…
CVE-2020-29451 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure…
CVE-2007-6617 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject…
CVE-2019-15013 — CVSS 4.3 (medium): The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version…
CVE-2019-15005 — CVSS 4.3 (medium): The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans…
CVE-2019-11588 — CVSS 4.3 (medium): The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from…
CVE-2021-39121 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira…
CVE-2019-11586 — CVSS 4.3 (medium): The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before…
CVE-2018-20826 — CVSS 4.3 (medium): The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a…
CVE-2021-39124 — CVSS 4.3 (medium): The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote…
CVE-2017-16862 — CVSS 4.3 (medium): The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist…
CVE-2014-2314 — CVSS 4.3 (medium): Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary…
CVE-2014-2313 — CVSS 4.3 (medium): Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files…
CVE-2013-5319 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5…
CVE-2010-1164 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web…
CVE-2018-13404 — CVSS 4.1 (medium): The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0…
CVE-2021-26076 — CVSS 3.7 (low): The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0…
CVE-2021-26071 — CVSS 3.5 (low): The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and…
CVE-2006-3338 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via…