Description

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.

Remediation

References

CVE-2020-14173

Related Vulnerabilities

phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-9860)

WordPress Plugin Simple Fields Cross-Site Scripting (1.4.11)

WordPress Plugin Slimstat Analytics SQL Injection (4.9.3.3)

Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43813)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Security Bypass (3.1.1.4.1)

Severity

Medium

Classification

CVE-2020-14173 CWE-707

Tags

Missing Update Known Vulnerabilities