Lucene search
AtlassianCVELIST:CVE-2020-4022HistoryJul 01, 2020 - 12:00 a.m.
CVE-2020-4022
2020-07-0100:00:00
atlassian
www.cve.org
0.001 Low
EPSS
Percentile
45.0%
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.
CNA Affected
[
{
"product": "Jira Server and Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThan": "8.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.9.0",
"versionType": "custom"
},
{
"lessThan": "8.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2020-4022
2020-07-01 02:15:12
atlassian
atlassian
XSS in Issue - Attachments - CVE-2020-4022
2020-05-28 05:13:20
XSS in Issue - Attachments - CVE-2020-4022
2020-05-28 05:13:20
nvd
nvd
CVE-2020-4022
2020-07-01 02:15:12
prion
prion
Cross site scripting
2020-07-01 02:15:00
nessus
nessus
Atlassian Jira 8.0.7 < 8.5.5 Multiple Vulnerabilities
2023-03-14 00:00:00
Atlassian Jira 8.9.0 < 8.9.1 Multiple Vulnerabilities
2023-03-14 00:00:00
Atlassian Jira 8.6.0 < 8.8.2 Multiple Vulnerabilities
2023-03-14 00:00:00