Vulnerability in Atlassian Jira Server And Data Center
CVE-2020-4024
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS…
EPSS: 0.003 (50.7th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Jira Server And Data Center — versions unspecified, 8.6.0, 8.9.0
References
- jira.atlassian.com/browse/JRASERVER-71113 (x_refsource_MISC)