CVE-2020-15943
HIGHGantt-Chart < 5.5.4 - Authenticated Missing Authorization and Cross-Site Scripting
Title source: llmDescription
An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attacker has to be authenticated.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-029.txt
Product, Third Party Advisory x_refsource_misc
https://marketplace.atlassian.com/apps/28997/gantt-chart-for-jira?hosting=cloud&tab=overview
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Aug/0
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/158751/Gantt-Chart-For-Jira-5.5.3-Missing-Privilege-Check.html
Scores
CVSS v3
8.1
EPSS
0.0183
EPSS Percentile
76.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-79
CWE-862
Status
published
Products (1)
gantt-chart_project/gantt-chart
< 5.5.4
Published
Aug 04, 2020
Tracked Since
Feb 18, 2026