Description

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.

Remediation

References

CVE-2020-4021

Related Vulnerabilities

WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Unspecified Vulnerability (1.53)

WordPress Plugin File Manager Pro Arbitrary File Upload (8.3.4)

Liferay Portal Other Vulnerability (CVE-2023-33946)

Ruby on Rails Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-5419)

PHP Out-of-bounds Write Vulnerability (CVE-2016-7127)

Severity

Medium

Classification

CVE-2020-4021 CWE-707

Tags

Missing Update Known Vulnerabilities