Cross-Site Scripting Vulnerability in Jira Service Desk Server and Data Center
CVE-2020-14166
4.8 MEDIUM
Key Information:
- Vendor: Atlassian
- CVE Published: 1 July 2020
What is CVE-2020-14166?
Jira Service Desk Server and Data Center before version 4.10.0 contains a cross-site scripting (XSS) vulnerability that can be exploited by remote attackers with project administrator privileges. By uploading a malicious HTML file, such an attacker can inject arbitrary HTML or JavaScript into the customer portal. Affected users may be exposed to data theft or session hijacking.
Affected Version(s)
Jira Service Desk Server and Data Center < 4.10.0