CVE-2020-14166

MEDIUM

Atlassian Jira Service Desk < 4.10.0 - XSS

Title source: rule

Description

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross-Site Scripting (XSS) vulnerability by uploading an HTML file.

Exploits (1)

exploitdb WRITEUP
by Captain_hook · text · webapps · multiple
https://www.exploit-db.com/exploits/49748

Scores

CVSS v3 4.8
EPSS 0.0076
EPSS Percentile 73.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
atlassian/jira_service_desk < 4.10.0 (2 CPE variants)
Published Jul 01, 2020
Tracked Since Feb 18, 2026