CVE-2020-14166
N/A
N/A
Summary
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Jira Service Desk Server and Data Center | unspecified < 4.10.0 | affected |
Weaknesses
- Cross Site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://jira.atlassian.com/browse/JSDSERVER-6895
- http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html
References
- https://jira.atlassian.com/browse/JSDSERVER-6895
- http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.