CVE-2020-9344

MEDIUM EXPLOITED NUCLEI

Subversion ALM < 8.8.2 - Reflected Cross-Site Scripting

Title source: llm

CVE-2020-9344 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.

Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting

MEDIUMVERIFIEDby madrobot

Shodan: http.component:"Atlassian Jira" || http.component:"atlassian jira"

Core 2

Core References

Vendor Advisory x_refsource_misc

Exploit, Third Party Advisory x_refsource_misc

CVSS v3 6.1

EPSS 0.0520

EPSS Percentile 91.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

VulnCheck KEV 2024-09-19

CWE

CWE-79

Status published

Products (1)

atlassian/subversion_application_lifecycle_management < 8.8.2

Published Mar 20, 2020

Tracked Since Feb 18, 2026