Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.

Remediation

References

CVE-2020-36234

Related Vulnerabilities

XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2002-2391)

MediaWiki Other Vulnerability (CVE-2007-0177)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3325)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.13)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-5094)

Severity

Medium

Classification

CVE-2020-36234 CWE-707

Tags

Missing Update Known Vulnerabilities