Headline
CVE-2021-26083: [JRASERVER-72213] The name of a filter can be used to XSS users who open an "Export HTML Report" - CVE-2021-26083
Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Export HTML Report feature.
The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
Affected versions:
- version < 8.5.14
- 8.6.0 ≤ version < 8.13.6
- 8.14.0 ≤ version < 8.16.1
Fixed versions:
- 8.5.14
- 8.13.6
- 8.16.1
- 8.17.0