Description

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.

Remediation

References

CVE-2020-4022

Related Vulnerabilities

OpenSSL Resource Management Errors Vulnerability (CVE-2006-2937)

Squid Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-8449)

Jetty Weak Authentication Vulnerability (CVE-2023-41900)

WordPress Plugin FAQs Manager Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.0)

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.4.17)

Severity

Medium

Classification

CVE-2020-4022 CWE-707

Tags

Missing Update Known Vulnerabilities