Description

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.

Remediation

References

CVE-2020-4021

Related Vulnerabilities

MySQL CVE-2018-2766 Vulnerability (CVE-2018-2766)

WordPress Plugin SAML SP Single Sign On-SSO login Cross-Site Scripting (4.8.72)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Cross-Site Request Forgery (2.10.2)

Zenphoto Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-0993)

WebLogic CVE-2018-3252 Vulnerability (CVE-2018-3252)

Severity

Medium

Classification

CVE-2020-4021 CWE-707

Tags

Missing Update Known Vulnerabilities