Description

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.

Remediation

References

CVE-2020-4021

Related Vulnerabilities

Java Unspesificed Vulnerability (CVE-2020-14803)

WordPress Plugin Parallax Scroll Cross-Site Scripting (2.0.1)

WordPress Plugin AB Press Optimizer Multiple Cross-Site Scripting Vulnerabilities (1.1.1)

WordPress Plugin Caldera Forms-More Than Contact Forms Cross-Site Scripting (1.5.4)

WordPress Plugin FreshMail For WordPress Multiple SQL Injection Vulnerabilities (1.5.8)

Severity

Medium

Classification

CVE-2020-4021 CWE-707

Tags

Missing Update Known Vulnerabilities