Description

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability

Remediation

References

CVE-2020-14169

Related Vulnerabilities

phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4825)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11586)

IBM RTC Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-29701)

Elgg Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6562)

MySQL CVE-2018-2668 Vulnerability (CVE-2018-2668)

Severity

Medium

Classification

CVE-2020-14169 CWE-707

Tags

Missing Update Known Vulnerabilities