XSS in Navigation - Search - CVE-2020-14169

2020-06-1904:05:17

security-metrics-bot

jira.atlassian.com

0.001 Low

EPSS

Percentile

45.1%

JSON

The quick search component in Atlassian Jira Server and Data Center allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.

Affected versions:

version < 8.9.1

Fixed versions:

8.9.1
8.10.0

CPENameOperatorVersion
jira server and data centerlt8.9.1
jira server and data centerle8.8.1
jira server and data centerlt8.10.0
jira server and data centerle8.0.2
jira server and data centerlt8.5.9

Name	Operator	Version
jira server and data center	lt	8.9.1
jira server and data center	le	8.8.1
jira server and data center	lt	8.10.0
jira server and data center	le	8.0.2
jira server and data center	lt	8.5.9

0.001 Low

EPSS

Percentile

45.1%

JSON

Related for ATLASSIAN:JRASERVER-71205