WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14166)

Description

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.

Remediation

References

Related Vulnerabilities

WordPress Plugin Gutenberg Forms-WordPress Form Builder Arbitrary File Upload (2.2.9)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-0950)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Cross-Site Scripting (7.1.13)

PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-21686)

Moodle CVE-2018-1081 Vulnerability (CVE-2018-1081)

Severity

Medium

Classification

CVE-2020-14166 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities