Lucene search
K

4 matches found

0day.today
0day.today
added 2021/04/07 12:0 a.m.45 views

Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS Vulnerability

Exploit Title: Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS Exploit Author: Captainhook Vendor Homepage: https://www.atlassian.com/ Version: 4.10.0 Tested on: All OS CVE: CVE-2020-14166 Summary: The /servicedesk/customer/portals resource in Jira Service Desk Server and Data...

4.8CVSS0.5AI score0.0194EPSS
Exploits3
NVD
NVD
added 2020/07/01 2:15 a.m.44 views

CVE-2020-14166

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting XSS vulnerability by uploading a html file...

4.8CVSS0.0194EPSS
Exploits3References2
CVE
CVE
added 2020/07/01 1:35 a.m.117 views

CVE-2020-14166

Affected product: Atlassian Jira Service Desk Server and Data Center. Vulnerability: Cross-Site Scripting (XSS) in the /servicedesk/customer/portals endpoint that arises when an HTML file is uploaded via the banner/upload flow. Exploitation requires project administrator privileges and can inject...

4.8CVSS4.7AI score0.0194EPSS
Exploits3References2Affected Software1
Atlassian
Atlassian
added 2020/06/18 2:45 a.m.75 views

XSS in API and Integrations - CVE-2020-14166

Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in API and Integrations. Affected versions: version 4.10.0 Fixed versions: 4.10.0...

4.8CVSS5.6AI score0.0194EPSS
Exploits3Affected Software1
Rows per page
Query Builder