WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36234)

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.

Remediation

References

Related Vulnerabilities

WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)

WordPress Plugin Echo Sign Multiple Cross-Site Scripting Vulnerabilities (1.1)

WordPress Plugin Abandoned Cart Recovery for WooCommerce Cross-Site Request Forgery (1.0.4)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31554)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7887)

Severity

Medium

Classification

CVE-2020-36234 CWE-707

Tags

Missing Update Known Vulnerabilities