Description

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.

Remediation

References

CVE-2020-14166

Related Vulnerabilities

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.25)

WordPress Plugin ALO EasyMail Newsletter Multiple Cross-Site Scripting Vulnerabilities (2.4.7)

WordPress Plugin CONTUS VBLOG-Video Blogging 'save.php' Arbitrary File Upload (1.0)

Oracle Database Server CVE-2019-2518 Vulnerability (CVE-2019-2518)

WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (4.4.3)

Severity

Medium

Classification

CVE-2020-14166 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities