CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4025
https://notcve.org/view.php?id=CVE-2020-4025
01 Jul 2020 — The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type. El recurso de descarga de archivos adjuntos en Atlassian Jira Server y Data Center. El recurso de descarga de archivos adjuntos en Atlassian... • https://jira.atlassian.com/browse/JRASERVER-71114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4024
https://notcve.org/view.php?id=CVE-2020-4024
01 Jul 2020 — The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type. El recurso de descarga de archivos adjuntos en Atlassian Jira Server y Data Center versiones anteriores a 8.5.5, y desde versiones 8.6.0 anteriores a 8.8.2, y desde versiones 8.9.0 anteriores a 8.9.1,... • https://jira.atlassian.com/browse/JRASERVER-71113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4022
https://notcve.org/view.php?id=CVE-2020-4022
01 Jul 2020 — The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type. El recurso de descarga de archivos adjuntos en Atlassian Jira Server y Data Center versiones anteriores a 8.5.5, y desde versiones 8.6.0 anteriores a 8.8.2, y desde versiones 8.9.0 anteriores a 8.9.1, p... • https://jira.atlassian.com/browse/JRASERVER-71107 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14169
https://notcve.org/view.php?id=CVE-2020-14169
01 Jul 2020 — The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability El componente quick search en Atlassian Jira Server y Data Center versiones anteriores a 8.9.1, permite a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo Cross-Site Scripting (XSS) • https://jira.atlassian.com/browse/JRASERVER-71205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14168
https://notcve.org/view.php?id=CVE-2020-14168
01 Jul 2020 — The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability. El cliente de correo electrónico en Jira Server y Data Center versiones anteriores a 7.13.16, desde versiones 8.5.0 anteriores a 8.5.7, desde versiones 8.8.0 anteriores a 8.8.2 y desde versiones 8.9.0 anteriores a 8.9.1, per... • https://jira.atlassian.com/browse/JRASERVER-71198 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14167
https://notcve.org/view.php?id=CVE-2020-14167
01 Jul 2020 — The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability. El recurso MessageBundleResource en Jira Server y Data Center versiones anteriores a 7.13.4, desde versiones 8.5.0 anteriores a 8.5.5, desde versiones 8.8.0 anteriores a 8.8.2 y desde versiones 8.9.0 anteriores a 8.9.1, permite a atac... • https://jira.atlassian.com/browse/JRASERVER-71197 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14165
https://notcve.org/view.php?id=CVE-2020-14165
01 Jul 2020 — The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability. El recurso UniversalAvatarResource.getAvatars en Jira Server and Data Center versiones anteriores a 8.9.0, permite a atacantes remotos obtener información sobre nombres de avatars de proyectos personalizados por medio de una vulnerabilidad de autorización inapropiada • https://jira.atlassian.com/browse/JRASERVER-71185 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14164
https://notcve.org/view.php?id=CVE-2020-14164
01 Jul 2020 — The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field. El recurso del editor WYSIWYG en Jira Server and Data Center versiones anteriores a 8.8.2, permite a atacantes remotos inyectar nombres HTML o JavaScript arbitrarios por medio de una vulnerabilidad de tipo Cross Site Scripting (XSS) al pegar un código javascript en... • https://jira.atlassian.com/browse/JRASERVER-71184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20416
https://notcve.org/view.php?id=CVE-2019-20416
30 Jun 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0. Las versiones afectadas del servidor y centro de datos Atlassian Jira permiten a los atacantes remotos inyectar HTML o JavaScript arbitrarios a través de una vulnerabilidad de escritura en sitios cruzados (XSS) en la característica de configuración del proye... • https://jira.atlassian.com/browse/JRASERVER-70856 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20415
https://notcve.org/view.php?id=CVE-2019-20415
30 Jun 2020 — Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0. El servidor y centro de datos Atlassian Jira en las versiones afectadas permite a los atacantes remotos modificar la configuración de registro y perfil a través de una vulnerabilidad de falsificación de solicitudes en varios sitios (CSRF). Las ver... • https://jira.atlassian.com/browse/JRASERVER-70849 • CWE-352: Cross-Site Request Forgery (CSRF) •