The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html | Third Party Advisory VDB Entry |
https://jira.atlassian.com/browse/JSDSERVER-6895 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Feb 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* |
cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:* |
Information
Published : 2020-07-01 02:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-14166
Mitre link : CVE-2020-14166
CVE.ORG link : CVE-2020-14166
JSON object : View
Products Affected
atlassian
- jira_service_desk
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')