// For flags

CVE-2020-14166

Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS

Severity Score

4.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.

El recurso /servicedesk/customer/portals en Jira Service Desk Server y Data Center versiones anteriores a 4.10.0, permite a atacantes remotos con privilegios de administrador de proyectos inyectar nombres HTML o JavaScript arbitrarios por medio de una vulnerabilidad de tipo Cross Site Scripting (XSS) mediante la carga de un archivo html

Atlassian Jira Service Desk version 4.9.1 suffers from a cross site scripting vulnerability via a file upload.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-06-16 CVE Reserved
  • 2020-07-01 CVE Published
  • 2021-04-07 First Exploit
  • 2024-09-16 CVE Updated
  • 2024-10-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Atlassian
Search vendor "Atlassian"
Jira Service Desk
Search vendor "Atlassian" for product "Jira Service Desk"
< 4.10.0
Search vendor "Atlassian" for product "Jira Service Desk" and version " < 4.10.0"
data_center
Affected
Atlassian
Search vendor "Atlassian"
Jira Service Desk
Search vendor "Atlassian" for product "Jira Service Desk"
< 4.10.0
Search vendor "Atlassian" for product "Jira Service Desk" and version " < 4.10.0"
server
Affected