The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-71113 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2020-07-01T01:35:28.416457Z
Updated: 2024-09-16T17:15:19.346Z
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-4024
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-07-01T02:15:12.193
Modified: 2024-11-21T05:32:10.537
Link: CVE-2020-4024
Redhat
No data.