CVE-2020-9344
Published 2020-03-20
CVE-2020-9344: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
Priority P1 · 81 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 5.20% (91.4th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | subversion_application_lifecycle_management | < 8.8.2 | 8.8.2 |
Detection & IOCs (extracted from sources)
other: alert(document.domain)
- Nuclei-style detection: the HTTP response body contains 'alert(document.domain)' and the keywords 'jira' and 'subversion' (case-insensitive), the response header contains 'text/html', and the HTTP status is 200, indicating successful reflected XSS exploitation of CVE-2020-9344.
- The CVE affects Subversion ALM for the enterprise before version 8.8.2; reflected XSS occurs at multiple locations. The exact vulnerable endpoints are not specified in the available sources.
CVSS provenance
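| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | | 6.1 | MEDIUM | |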
GHSA
GHSA-jjhr-qqq3-jww9: Subversion ALM for the enterprise before 8
ghsa_unreviewed·2022-05-24
CVE-2020-9344 [MEDIUM] GHSA-jjhr-qqq3-jww9: Subversion ALM for the enterprise before 8
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
VulnCheck
Atlassian subversion_application_lifecycle_management Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2020·CVSS 6.1
CVE-2020-9344 [MEDIUM] Atlassian subversion_application_lifecycle_management Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
Affected: Atlassian subversion_application_lifecycle_management
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip; https://www.f5.com/labs/articles/threat-intelligence/continued-scanning-for-cve-2023-1389
No detection rules found.
Nuclei
Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2020-9344 [MEDIUM] Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting
Jira Subversion ALM for Enterprise alert(document.domain)"
```yaml
          - "jira"
          - "subversion"
        condition: and
        case-insensitive: true
      - type: word
        part: header
        words:
          - "text/html"
      - type: status
        status:
          - 200
# digest: 4a0a0047304502210095929a843c3de3b96b071277cbe0753a47ff903dc0ffec4a52d9a8102c9e7dea022056c19397d092c3276cbe3dcb4fcb9a7f2c9211a4931e65a914f0ff124e1704fd:922c64590222798bb761d5b6d8e72950
```
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio
NoiseLetter October 2025
Recorded Future
Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
blogs_recorded_future·CVSS 9.6
[CRITICAL] Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
# Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
For years, software solutions built by Atlassian have found their way to nearly every organization's software stack. Tools such as JIRA, Confluence, Bamboo, and BitBucket are often seen playing a crucial role in various departments across enterprises.
From managing projects or handling organization-wide documentation, to hosting the very code of a product being developed by the organization, the constant reliance upon and amount of historical data held within these applications have turned them into a lucrative target for attackers, expanding the attack surface in the process.
## Historical Atlassian Vulnerabilities
Traditionally, vulnerabilities within the Atlassian software stack have originated from di
https://kintosoft.atlassian.net/wiki/spaces/SVNALM/pages/753565697/Security+Bulletin
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-007.txt
2020-03-20
Published
Exploited in the wild