The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html | Third Party Advisory VDB Entry |
| https://jira.atlassian.com/browse/JSDSERVER-6895 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Feb 2022, 17:41
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:* |
cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:* |
| First Time |
Atlassian jira Service Desk
|
|
| References | (MISC) http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html - Third Party Advisory, VDB Entry |
07 Apr 2021, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Information
Published : 2020-07-01 02:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-14166
Mitre link : CVE-2020-14166
CVE.ORG link : CVE-2020-14166
JSON object : View
Products Affected
atlassian
- jira_service_desk
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')