Published: 07/06/2021 Updated: 30/03/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 prior to 8.17.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
atlassian data center
atlassian jira data center
atlassian jira
atlassian jira server

Use at your own risk CVE-2021-26079 Exploit Windows Binary PoC /CVE-2021-26079exe will run the exploit /CVE-2021-26079exe Target IP /CVE-2021-26079exe wwwexamplecom Running the exploit on Linux Change the target IP in CVE-2021-26079sh then do: chmod +x CVE-2021-26079sh /CVE-2021-26079sh Target IP /CVE-2021-26079sh wwwexam

CWE-79 https://jira.atlassian.com/browse/JRASERVER-72396 https://github.com/JamesGeeee/CVE-2021-26079 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-26079

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect