Vulnerability Description
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross-Site Scripting (XSS) vulnerability by uploading an HTML file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira Service Desk | < 4.10.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cr (Third Party Advisory, VDB Entry)
- https://jira.atlassian.com/browse/JSDSERVER-6895 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2020-14166?
CVE-2020-14166 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or J...
How severe is CVE-2020-14166?
CVE-2020-14166 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14166?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira Service Desk.