Lucene search
AtlassianCVELIST:CVE-2020-14166HistoryJul 01, 2020 - 1:35 a.m.
CVE-2020-14166
2020-07-0101:35:26
atlassian
www.cve.org
4
EPSS
0.003
Percentile
65.7%
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.
CNA Affected
[
{
"product": "Jira Service Desk Server and Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2020-14166
2020-07-01 02:15:11
cve
cve
CVE-2020-14166
2020-07-01 02:15:11
atlassian
atlassian
XSS in API and Integrations - CVE-2020-14166
2020-06-18 02:45:39
XSS in API and Integrations - CVE-2020-14166
2020-06-18 02:45:39
prion
prion
Cross site scripting
2020-07-01 02:15:00
packetstorm
packetstorm
Atlassian Jira Service Desk 4.9.1 Cross Site Scripting
2021-04-07 00:00:00
exploitdb
exploitdb
Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS
2021-04-07 00:00:00
zdt
zdt