CVE-2020-14166

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
atlassianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
atlassianjira_service_desk
𝑥
< 4.10.0
atlassianjira_service_desk
𝑥
< 4.10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html
https://jira.atlassian.com/browse/JSDSERVER-6895
http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html
https://jira.atlassian.com/browse/JSDSERVER-6895