CVE-2020-14164: XSS
First published: Wed Jul 01 2020(Updated: )
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | <8.8.2 | |
| Atlassian Jira Software Data Center | <8.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14164?
CVE-2020-14164 is a Cross Site Scripting (XSS) vulnerability in the WYSIWYG editor resource in Jira Server and Data Center versions prior to 8.8.2.
How does CVE-2020-14164 impact Atlassian JIRA?
CVE-2020-14164 allows remote attackers to inject arbitrary HTML or JavaScript code into Jira Server and Data Center versions prior to 8.8.2 through the WYSIWYG editor, potentially leading to unauthorized actions or data theft.
What is the severity of CVE-2020-14164?
CVE-2020-14164 has a severity rating of medium, with a CVSS score of 6.1.
How can I fix CVE-2020-14164?
To fix CVE-2020-14164, upgrade your Jira Server or Data Center installation to version 8.8.2 or later.
Where can I find more information about CVE-2020-14164?
You can find more information about CVE-2020-14164 at the following link: [JRASERVER-71184](https://jira.atlassian.com/browse/JRASERVER-71184)