CVE-2020-14166: XSS
First published: Wed Jul 01 2020(Updated: )
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Jira Service Desk | <4.10.0 | |
| Atlassian Jira Service Desk | <4.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14166?
CVE-2020-14166 is a Cross Site Scripting (XSS) vulnerability in Jira Service Desk Server and Data Center before version 4.10.0.
How does CVE-2020-14166 affect Jira Service Desk?
CVE-2020-14166 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an XSS vulnerability by uploading an HTML file.
What is the severity of CVE-2020-14166?
CVE-2020-14166 has a severity rating of 4.8, which is considered medium.
How can I fix CVE-2020-14166?
To fix CVE-2020-14166, you should upgrade Jira Service Desk Server and Data Center to version 4.10.0 or later.
Where can I find more information about CVE-2020-14166?
You can find more information about CVE-2020-14166 at the following references: [Packetstorm Security](http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html) and [Atlassian Jira Issue](https://jira.atlassian.com/browse/JSDSERVER-6895).
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian jira service desk