Vulnerability Description
An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can embed the attack vectors in the dashboard of other users. To exploit this vulnerability, an attacker has to be authenticated.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gantt-Chart Project | Gantt-Chart | < 5.5.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158752/Gantt-Chart-For-Jira-5.5.4-Cross-SitExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Aug/1ExploitMailing ListThird Party Advisory
- https://marketplace.atlassian.com/apps/28997/gantt-chart-for-jira?hosting=cloud&ProductThird Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-030.tExploitThird Party Advisory
- http://packetstormsecurity.com/files/158752/Gantt-Chart-For-Jira-5.5.4-Cross-SitExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Aug/1ExploitMailing ListThird Party Advisory
- https://marketplace.atlassian.com/apps/28997/gantt-chart-for-jira?hosting=cloud&ProductThird Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-030.tExploitThird Party Advisory
FAQ
What is CVE-2020-15944?
CVE-2020-15944 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can embed the attack vectors ...
How severe is CVE-2020-15944?
CVE-2020-15944 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15944?
Check the references section above for vendor advisories and patch information. Affected products include: Gantt-Chart Project Gantt-Chart.