Description

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.

Remediation

References

CVE-2020-14164

Related Vulnerabilities

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.42)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17900)

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-0001)

Ruby on Rails Data Processing Errors Vulnerability (CVE-2014-3916)

WordPress Plugin OpenID Connect Generic Client Cross-Site Scripting (3.8.1)

Severity

Medium

Classification

CVE-2020-14164 CWE-707

Tags

Missing Update Known Vulnerabilities