Description

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.

Remediation

References

CVE-2020-14173

Related Vulnerabilities

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6044)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3488)

WordPress Plugin Memphis Documents Library Cross-Site Request Forgery (3.9.20)

Moodle Other Vulnerability (CVE-2004-1425)

MySQL CVE-2018-2776 Vulnerability (CVE-2018-2776)

Severity

Medium

Classification

CVE-2020-14173 CWE-707

Tags

Missing Update Known Vulnerabilities