WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14166)

Description

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.

Remediation

References

Related Vulnerabilities

Piwigo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-1469)

WordPress Plugin Fetch Tweets Cross-Site Scripting (2.6.4)

WordPress Plugin Responsive Filterable Portfolio Unspecified Vulnerability (1.0.8)

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)

PHP Resource Management Errors Vulnerability (CVE-2012-0781)

Severity

Medium

Classification

CVE-2020-14166 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities