The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-71107 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2020-07-01T01:35:27.992219Z
Updated: 2024-09-17T03:43:04.895Z
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-4022
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-07-01T02:15:12.130
Modified: 2024-11-21T05:32:10.317
Link: CVE-2020-4022
Redhat
No data.