Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4021)

Description

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.

Remediation

References

CVE-2020-4021

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2003-0224)

Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129)

WordPress Plugin WooCommerce Export Orders and More Cross-Site Scripting (2.0.10)

PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-1581)

Joomla! Core 1.5.x Session Fixation (1.5.0 - 1.5.15)

Severity

Medium

Classification

CVE-2020-4021 CWE-707