Cross site scripting

2020-07-0102:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

45.0%

JSON

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.

CPENameOperatorVersion
jiralt8.5.5
jira_data_centerge8.9.0
jira_data_centerlt8.9.1
jira_data_centerge8.6.0
jira_data_centerlt8.8.2
jira_serverge8.6.0
jira_serverlt8.8.2
jira_serverge8.9.0
jira_serverlt8.9.1
jira_software_data_centerlt8.5.5

Name	Operator	Version
jira	lt	8.5.5
jira_data_center	ge	8.9.0
jira_data_center	lt	8.9.1
jira_data_center	ge	8.6.0
jira_data_center	lt	8.8.2
jira_server	ge	8.6.0
jira_server	lt	8.8.2
jira_server	ge	8.9.0
jira_server	lt	8.9.1
jira_software_data_center	lt	8.5.5

References

jira.atlassian.com/browse/JRASERVER-71107

0.001 Low

EPSS

Percentile

45.0%

JSON

Related for PRION:CVE-2020-4022