CVE-2020-36234

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 59.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Data Center Atlassian Jira Server Atlassian Data Center +1 more

Timeline

PublishedFeb 15

Latest updateMay 24

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages6 packages

▶CVEListV5atlassian/jira_data_centerunspecified — 8.5.11+4

▶NVDatlassian/jira_data_center8.14.0 — 8.15.0

▶CVEListV5atlassian/jira_serverunspecified — 8.5.11+4

▶NVDatlassian/data_center8.6.0 — 8.13.3+1

▶NVDatlassian/jira_server8.6.0 — 8.13.3+1

🔴Vulnerability Details

GHSA

GHSA-r7f3-7vg8-6678: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (X↗2022-05-24

▶

CVEList

CVE-2020-36234: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (X↗2021-02-15

▶