CVE-2020-36288

Summary

The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Serverunspecified < 8.5.12affected
AtlassianJira Server8.6.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.13.4affected
AtlassianJira Server8.14.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.15.1affected
AtlassianJira Data Centerunspecified < 8.5.12affected
AtlassianJira Data Center8.6.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 8.13.4affected
AtlassianJira Data Center8.14.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 8.15.1affected

Weaknesses

  • Cross Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References