Stored XSS via malicious file upload - CVE-2020-14173

2020-03-2401:48:01

security-metrics-bot

jira.atlassian.com

152

0.001 Low

EPSS

Percentile

29.3%

JSON

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Affected versions

version < 8.5.4
8.6.0 ≤ version ≤ 8.7.0
8.7.0 ≤ version < 8.7.1

Fixed versions

8.5.4
8.7.1
8.8.0

CPENameOperatorVersion
jira server and data centerle7.13.0
jira server and data centerle8.7.0
jira server and data centerle7.6.15
jira server and data centerle8.5.3
jira server and data centerlt8.8.0
jira server and data centerlt8.5.4
jira server and data centerlt8.7.1
jira server and data centerle7.6.0
jira server and data centerle7.13.12
jira server and data centerle8.6.1

Name	Operator	Version
jira server and data center	le	7.13.0
jira server and data center	le	8.7.0
jira server and data center	le	7.6.15
jira server and data center	le	8.5.3
jira server and data center	lt	8.8.0
jira server and data center	lt	8.5.4
jira server and data center	lt	8.7.1
jira server and data center	le	7.6.0
jira server and data center	le	7.13.12
jira server and data center	le	8.6.1

Rows per page:

1-10 of 111

0.001 Low

EPSS

Percentile

29.3%

JSON

Related for ATLASSIAN:JRASERVER-70814