XSS in Issue - Attachments - CVE-2020-4025

2020-05-29T05:19:09
ID ATLASSIAN:JRASERVER-71114
Type atlassian
Reporter security-metrics-bot
Modified 2021-03-08T15:40:56

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with an rdf content type.

Affected versions:

* version < 8.5.5
* 8.6.0 ≤ version < 8.8.2
* 8.9.0 ≤ version < 8.9.1

Fixed versions:

* 8.5.5
* 8.8.2
* 8.9.1
* 8.10.0
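To triage an inventory against the ranges above, versions must be compared numerically rather than as strings, since "8.10.0" sorts before "8.9.1" lexically. The following is an added example, not Atlassian's code; the function names, the hostnames and the sample inventory are constructed for illustration, and ignoring build suffixes is an assumption.

```python
import re

# Affected ranges copied from the advisory: (inclusive lower, exclusive upper).
AFFECTED_RANGES = [
    ((0, 0, 0), (8, 5, 5)),   # version < 8.5.5
    ((8, 6, 0), (8, 8, 2)),   # 8.6.0 <= version < 8.8.2
    ((8, 9, 0), (8, 9, 1)),   # 8.9.0 <= version < 8.9.1
]


def parse_version(text):
    """Turn '8.5' or '8.10.0' into a 3-tuple of ints, padding missing parts with 0.

    Anything after the numeric part (a build suffix) is ignored; that is an
    assumption of this example, not something the advisory specifies.
    """
    match = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def is_affected(version_text):
    """True if the version falls inside any affected range listed in the advisory."""
    version = parse_version(version_text)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map each host in {host: version} to 'affected' or 'not affected'."""
    return {
        host: "affected" if is_affected(ver) else "not affected"
        for host, ver in inventory.items()
    }


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "jira-prod": "8.5.4",
    "jira-lts": "8.5.5",
    "jira-dev": "8.7.1",
    "jira-lab": "8.9.0",
    "jira-new": "8.10.0",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {SAMPLE_INVENTORY[host]:8} {status}")
```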