Lucene search
AtlassianCVELIST:CVE-2020-4025HistoryJul 01, 2020 - 12:00 a.m.
CVE-2020-4025
2020-07-0100:00:00
atlassian
www.cve.org
0.001 Low
EPSS
Percentile
29.3%
The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type.
CNA Affected
[
{
"product": "Jira Server and Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThan": "8.8.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.9.0",
"versionType": "custom"
},
{
"lessThan": "8.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
atlassian
atlassian
XSS in Issue - Attachments - CVE-2020-4025
2020-05-29 05:19:09
XSS in Issue - Attachments - CVE-2020-4025
2020-05-29 05:19:09
cve
cve
CVE-2020-4025
2020-07-01 02:15:12
prion
prion
Cross site scripting
2020-07-01 02:15:00
nvd
nvd
CVE-2020-4025
2020-07-01 02:15:12
ibm
ibm
nessus
nessus