CVE-2020-14166

2020-07-0102:15:11

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

65.7%

JSON

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.

Affected configurations

Nvd

Node

atlassianjira_service_deskRange<4.10.0data_center

atlassianjira_service_deskRange<4.10.0server

VendorProductVersionCPE
atlassianjira_service_desk*cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:*
atlassianjira_service_desk*cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:*

Vendor	Product	Version	CPE
atlassian	jira_service_desk	*	cpe:2.3:a:atlassian:jira_service_desk:::::data_center:::*
atlassian	jira_service_desk	*	cpe:2.3:a:atlassian:jira_service_desk:::::server:::*