Description

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability

Remediation

References

CVE-2020-14169

Related Vulnerabilities

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress SQL Injection (2.9.29)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13422)

WordPress 4.6.x Directory Traversal (4.6 - 4.6.28)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4292)

WordPress Plugin WordPress Popular Posts Cross-Site Scripting (5.3.5)

Severity

Medium

Classification

CVE-2020-14169 CWE-707

Tags

Missing Update Known Vulnerabilities