CVE-2020-15943

HIGH

Gantt-Chart < 5.5.4 - Authenticated Missing Authorization and Cross-Site Scripting

Title source: llm
STIX 2.1

Description

An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attacker has to be authenticated.

References (4)

Core 4
Core References
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Aug/0

Scores

CVSS v3 8.1
EPSS 0.0183
EPSS Percentile 76.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-79 CWE-862
Status published
Products (1)
gantt-chart_project/gantt-chart < 5.5.4
Published Aug 04, 2020
Tracked Since Feb 18, 2026