CVE-2020-14166
Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS
Summary
- Public Exploits: 1
- Exploited in Wild: -
Descriptions
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability by uploading an HTML file.
Atlassian Jira Service Desk version 4.9.1 suffers from a cross-site scripting vulnerability via file upload.
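The vulnerability class here (CWE-79 reached through an upload endpoint) is the one where a file accepted as a portal asset is later served back to other users and rendered as a page. The vendor fix is the 4.10.0 upgrade; the block below is an added, generic illustration of the control that closes this class on any upload endpoint, not Atlassian's code and not the patched Jira logic. It assumes a hypothetical image-only upload policy (`ALLOWED`) and a storage path that serves uploads with the headers returned by `response_headers`; the sample inputs in the comments are constructed.

```python
"""Upload gate for a branding/logo upload endpoint: refuse anything a browser
could execute as HTML or SVG, and serve what is kept in a way it cannot be
rendered as a page. Added example; policy and function names are assumptions."""
import re

# Allowlist: extension -> (MIME type the client must declare, accepted magic prefixes).
ALLOWED = {
    "png": ("image/png", [b"\x89PNG\r\n\x1a\n"]),
    "jpg": ("image/jpeg", [b"\xff\xd8\xff"]),
    "jpeg": ("image/jpeg", [b"\xff\xd8\xff"]),
    "gif": ("image/gif", [b"GIF87a", b"GIF89a"]),
}

# Tags whose presence means a sniffing browser may run the body as HTML/SVG.
_MARKUP = re.compile(
    rb"<\s*(!doctype|html|script|svg|iframe|body|img|meta|object|embed)\b",
    re.IGNORECASE,
)


def looks_like_markup(data: bytes) -> bool:
    """True if the first 1 KiB contains an HTML/SVG tag. Checked even after the
    magic bytes pass, because a GIF89a<script>... polyglot has valid magic."""
    return _MARKUP.search(data[:1024]) is not None


def check_upload(filename: str, declared_type: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason-or-mime). Every check must agree before storing."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED:
        # .html/.htm/.svg etc. never reach storage, whatever the body says.
        return False, f"extension .{ext or '<none>'} not in allowlist"
    mime, magics = ALLOWED[ext]
    if declared_type.split(";")[0].strip().lower() != mime:
        return False, f"declared type {declared_type!r} does not match .{ext}"
    if not any(data.startswith(m) for m in magics):
        return False, "content does not start with the expected magic bytes"
    if looks_like_markup(data):
        return False, "content contains HTML/SVG markup"
    return True, mime


def response_headers(mime: str, filename: str) -> dict[str, str]:
    """Headers for serving a stored upload so the browser treats it as data:
    fixed server-side type, no sniffing, download disposition, no script origin."""
    safe_name = re.sub(r"[^\w.\-]", "_", filename)
    return {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    # Constructed samples: a real PNG header, an HTML file, and a GIF/HTML polyglot.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    for name, ctype, body in [
        ("logo.png", "image/png", png),
        ("portal.html", "text/html", b"<html><script>alert(1)</script></html>"),
        ("logo.gif", "image/gif", b"GIF89a<script>alert(document.cookie)</script>"),
    ]:
        print(name, check_upload(name, ctype, body))
```

The first three checks (extension, declared type, magic bytes) stop the plain case on this page, an .html file uploaded where an image was expected; the markup scan and the serving headers are what stop the polyglot and content-sniffing variants that the first three alone miss.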
SSVC
- Decision: -
Timeline
- 2020-06-16 CVE Reserved
- 2020-07-01 CVE Published
- 2021-04-07 First Exploit
- 2024-09-16 CVE Updated
- 2024-10-10 EPSS Updated
- Exploited in Wild: not recorded
- KEV Due Date: none
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (3)
URL | Tag | Date
---|---|---
http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html | Third Party Advisory | -
https://www.exploit-db.com/exploits/49748 | Public exploit (Exploit-DB) | 2021-04-07
https://jira.atlassian.com/browse/JSDSERVER-6895 | Vendor issue tracker (Atlassian) | 2022-02-01
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Atlassian | Jira Service Desk | < 4.10.0 | data_center | Affected
Atlassian | Jira Service Desk | < 4.10.0 | server | Affected