QID 730249
Date Published: 2021-11-18
QID 730249: Atlassian Jira Server and Data Center Reflected Cross-Site Scripting (XSS) Vulnerability (JRASERVER-72939)
Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
CVE-2021-41304: Affected versions of Atlassian Jira Server and Data Center allow allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message.
Affected version:
Atlassian Jira Server and Data Center version prior to 8.13.12
Atlassian Jira Server and Data Center version between 8.14.0 (inclusive) and 8.20.2
QID Detection Logic:(Unauthenticated)
It checks for vulnerable version of Atlassian Jira.
Successful exploitation of this vulnerability may allow adversaries to encode source code for compilers accepting Unicode.
- JRASERVER-72939 -
jira.atlassian.com/browse/JRASERVER-72939
CVEs related to QID 730249
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| JRASERVER-72939 |
jira.atlassian.com/browse/JRASERVER-72939 |