QID 730249

Date Published: 2021-11-18

QID 730249: Atlassian Jira Server and Data Center Reflected Cross-Site Scripting (XSS) Vulnerability (JRASERVER-72939)

Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

CVE-2021-41304: Affected versions of Atlassian Jira Server and Data Center allow allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message.

Affected version:
Atlassian Jira Server and Data Center version prior to 8.13.12
Atlassian Jira Server and Data Center version between 8.14.0 (inclusive) and 8.20.2

QID Detection Logic:(Unauthenticated)
It checks for vulnerable version of Atlassian Jira.

Successful exploitation of this vulnerability may allow adversaries to encode source code for compilers accepting Unicode.

  • CVSS V3 rated as High - 6.1 severity.
  • CVSS V2 rated as Medium - 4.3 severity.
  • Solution
    Customers are advised to refer to JRASERVER-72939 for updates pertaining to this vulnerability.
    Vendor References

    CVEs related to QID 730249

    Software Advisories
    Advisory ID Software Component Link
    JRASERVER-72939 URL Logo jira.atlassian.com/browse/JRASERVER-72939