CVE-2020-14184: XSS
First published: Mon Oct 12 2020(Updated: )
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | <8.5.9 | |
| Atlassian Jira Server | >=8.6.0<8.12.3 | |
| Atlassian Jira Server | =8.13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14184?
CVE-2020-14184 is a Cross-Site Scripting (XSS) vulnerability in Atlassian Jira Server that allows remote attackers to inject arbitrary HTML or JavaScript via Jira issue filter export files.
Which versions of Atlassian Jira Server are affected?
Versions before 8.5.9, from 8.6.0 before 8.12.3, and from 8.13.0 before 8.13.1 of Atlassian Jira Server are affected.
How severe is CVE-2020-14184?
The severity of CVE-2020-14184 is medium, with a CVSS severity score of 5.4.
How can I fix CVE-2020-14184?
To fix CVE-2020-14184, it is recommended to upgrade Atlassian Jira Server to version 8.5.9 or later, version 8.12.3 or later, or version 8.13.1 or later.
Where can I find more information about CVE-2020-14184?
You can find more information about CVE-2020-14184 on the Atlassian Jira Server issue tracker at the following link: https://jira.atlassian.com/browse/JRASERVER-71652
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian jira server
- version/atlassian jira server/8.6.0
- version/atlassian jira server/8.13.0