Description

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1.

Remediation

References

CVE-2020-14184

Related Vulnerabilities

b2evolution Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2945)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.17)

WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Scripting (3.0.9)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.22)

WordPress Plugin Category List Portfolio Page TimThumb Arbitrary File Upload (1.2.3)

Severity

Medium

Classification

CVE-2020-14184 CWE-707

Tags

Missing Update Known Vulnerabilities