CVE-2020-9344
published 2020-03-20

CVE-2020-9344: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.

Priority: P181 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 5.20% (91.4th percentile)

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | subversion_application_lifecycle_management | < 8.8.2 | 8.8.2 |

Detection & IOCs (extracted from sources)

other: alert(document.domain)
  • Nuclei-style detection: HTTP response body contains both 'alert(document.domain)' and keywords 'jira' and 'subversion' (case-insensitive), response header contains 'text/html', and HTTP status is 200 — indicating successful reflected XSS exploitation of CVE-2020-9344.
  • The CVE affects Subversion ALM for the enterprise before version 8.8.2; reflected XSS occurs at multiple locations; the exact vulnerable endpoints are not specified in the available sources.

CVSS provenance

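| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | | 6.1 | MEDIUM | |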