Lucene search
AtlassianCVELIST:CVE-2020-4024HistoryJul 01, 2020 - 12:00 a.m.
CVE-2020-4024
2020-07-0100:00:00
atlassian
www.cve.org
0.001 Low
EPSS
Percentile
29.3%
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.
CNA Affected
[
{
"product": "Jira Server and Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThan": "8.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.9.0",
"versionType": "custom"
},
{
"lessThan": "8.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2020-4024
2020-07-01 02:15:12
prion
prion
Cross site scripting
2020-07-01 02:15:00
atlassian
atlassian
XSS in Issue - Attachments - CVE-2020-4024
2020-05-29 05:18:46
XSS in Issue - Attachments - CVE-2020-4024
2020-05-29 05:18:46
nvd
nvd
CVE-2020-4024
2020-07-01 02:15:12
nessus
nessus
Atlassian Jira 8.0.7 < 8.5.5 Multiple Vulnerabilities
2023-03-14 00:00:00
Atlassian Jira 8.9.0 < 8.9.1 Multiple Vulnerabilities
2023-03-14 00:00:00
Atlassian Jira 8.6.0 < 8.8.2 Multiple Vulnerabilities
2023-03-14 00:00:00