Vulnerability in Atlassian Jira Server And Data Center
CVE-2020-4022
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS…
EPSS: 0.003 (56.6th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Jira Server And Data Center — versions unspecified, 8.6.0, 8.9.0
References
- jira.atlassian.com/browse/JRASERVER-71107 (x_refsource_MISC)