CVE-2020-14166

4.8MEDIUM

Key Information:

Vendor
Atlassian
Status
Jira Service Desk Server And Data Center
Vendor
CVE Published:
1 July 2020

Summary

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.

Affected Version(s)

Jira Service Desk Server and Data Center < 4.10.0

References

https://jira.atlassian.com/browse/JSDSERVER-6895
x_refsource_MISC
http://packetstormsecurity.com/files/162107/Atlassian-Jir...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.