4 matches found
Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS Vulnerability
Exploit Title: Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS Exploit Author: Captainhook Vendor Homepage: https://www.atlassian.com/ Version: 4.10.0 Tested on: All OS CVE: CVE-2020-14166 Summary: The /servicedesk/customer/portals resource in Jira Service Desk Server and Data...
CVE-2020-14166
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting XSS vulnerability by uploading a html file...
CVE-2020-14166
Affected product: Atlassian Jira Service Desk Server and Data Center. Vulnerability: Cross-Site Scripting (XSS) in the /servicedesk/customer/portals endpoint that arises when an HTML file is uploaded via the banner/upload flow. Exploitation requires project administrator privileges and can inject...
XSS in API and Integrations - CVE-2020-14166
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in API and Integrations. Affected versions: version 4.10.0 Fixed versions: 4.10.0...