CVE-2020-14164

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 40.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Jira Server AND Data CenterAtlassian JiraAtlassian Jira Software Data Center
Timeline
PublishedJul 1
Latest updateMay 24

Description

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

CVEListV5atlassian/jira_server_and_data_centerunspecified8.8.2
NVDatlassian/jira< 8.8.2

🔴Vulnerability Details

2
GHSA
GHSA-wrfq-mh97-mvmc: The WYSIWYG editor resource in Jira Server and Data Center before version 82022-05-24
CVEList
CVE-2020-14164: The WYSIWYG editor resource in Jira Server and Data Center before version 82020-07-01