Lucene search
AtlassianCVELIST:CVE-2020-14173HistoryMar 24, 2020 - 12:00 a.m.
CVE-2020-14173
2020-03-2400:00:00
atlassian
www.cve.org
0.001 Low
EPSS
Percentile
29.3%
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
CNA Affected
[
{
"product": "Jira Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.5.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThan": "8.6.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.7.0",
"versionType": "custom"
},
{
"lessThan": "8.7.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
atlassian
atlassian
Stored XSS via malicious file upload - CVE-2020-14173
2020-03-24 01:48:01
Stored XSS via malicious file upload - CVE-2020-14173
2020-03-24 01:48:01
prion
prion
Cross site scripting
2020-07-03 02:15:00
nvd
nvd
CVE-2020-14173
2020-07-03 02:15:10
nessus
nessus
Atlassian Jira 7.6.x < 8.5.4, 8.6.x < 8.7.1 Stored XSS (JRASERVER-70814)
2020-08-25 00:00:00
cve
cve
CVE-2020-14173
2020-07-03 02:15:10