Atlassian Jira Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-14166 - Vulnerability Database

Atlassian Jira Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-14166

Medium
Reference: CVE-2020-14166
Title: Atlassian Jira Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.