Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Atlassian Jira Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-14166 - Vulnerability Database
Atlassian Jira

Atlassian Jira Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-14166

Medium
Reference: CVE-2020-14166
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-14166
Title: Atlassian Jira Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.