CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-14173
https://notcve.org/view.php?id=CVE-2020-14173
03 Jul 2020 — The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. La funcionalidad file upload en Atlassian Jira Server y Data Center en las versiones afectadas, permite a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de ... • https://jira.atlassian.com/browse/JRASERVER-70814 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-14172
https://notcve.org/view.php?id=CVE-2020-14172
03 Jul 2020 — This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability. The affected versions are before version 7.13.0, from version 8.0.0 before 8.5.0, and from v... • https://jira.atlassian.com/browse/JRASERVER-70940 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20418
https://notcve.org/view.php?id=CVE-2019-20418
03 Jul 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos impedir que los usuarios accedan a la instancia por medio de una vulnerabilidad de Denegación de Servicio de la Aplicación en el endpoint /rendering/wiki. Las v... • https://jira.atlassian.com/browse/JRASERVER-70943 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4029
https://notcve.org/view.php?id=CVE-2020-4029
01 Jul 2020 — The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability. El recurso /rest/project-templates/1.0/createshared en Atlassian Jira Server y Data Center versiones anteriores a 8.5.5, desde versiones 8.6.0 anteriores a 8.7.2 y desde versiones 8.8.0 anteriores a 8.8.1, permite a atacantes remotos enumerar nom... • https://jira.atlassian.com/browse/JRASERVER-70926 •
CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4025
https://notcve.org/view.php?id=CVE-2020-4025
01 Jul 2020 — The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type. El recurso de descarga de archivos adjuntos en Atlassian Jira Server y Data Center. El recurso de descarga de archivos adjuntos en Atlassian... • https://jira.atlassian.com/browse/JRASERVER-71114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4024
https://notcve.org/view.php?id=CVE-2020-4024
01 Jul 2020 — The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type. El recurso de descarga de archivos adjuntos en Atlassian Jira Server y Data Center versiones anteriores a 8.5.5, y desde versiones 8.6.0 anteriores a 8.8.2, y desde versiones 8.9.0 anteriores a 8.9.1,... • https://jira.atlassian.com/browse/JRASERVER-71113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4022
https://notcve.org/view.php?id=CVE-2020-4022
01 Jul 2020 — The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type. El recurso de descarga de archivos adjuntos en Atlassian Jira Server y Data Center versiones anteriores a 8.5.5, y desde versiones 8.6.0 anteriores a 8.8.2, y desde versiones 8.9.0 anteriores a 8.9.1, p... • https://jira.atlassian.com/browse/JRASERVER-71107 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14169
https://notcve.org/view.php?id=CVE-2020-14169
01 Jul 2020 — The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability El componente quick search en Atlassian Jira Server y Data Center versiones anteriores a 8.9.1, permite a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo Cross-Site Scripting (XSS) • https://jira.atlassian.com/browse/JRASERVER-71205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14165
https://notcve.org/view.php?id=CVE-2020-14165
01 Jul 2020 — The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability. El recurso UniversalAvatarResource.getAvatars en Jira Server and Data Center versiones anteriores a 8.9.0, permite a atacantes remotos obtener información sobre nombres de avatars de proyectos personalizados por medio de una vulnerabilidad de autorización inapropiada • https://jira.atlassian.com/browse/JRASERVER-71185 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14164
https://notcve.org/view.php?id=CVE-2020-14164
01 Jul 2020 — The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field. El recurso del editor WYSIWYG en Jira Server and Data Center versiones anteriores a 8.8.2, permite a atacantes remotos inyectar nombres HTML o JavaScript arbitrarios por medio de una vulnerabilidad de tipo Cross Site Scripting (XSS) al pegar un código javascript en... • https://jira.atlassian.com/browse/JRASERVER-71184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •