Vulnerabilities > Atlassian > Jira Software Data Center > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-03 CVE-2020-14173 Cross-site Scripting vulnerability in Atlassian products
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
network
low complexity
atlassian CWE-79
5.4
5.4
2020-07-03 CVE-2019-20418 Unspecified vulnerability in Atlassian Jira Software Data Center
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint.
network
low complexity
atlassian
6.5
6.5
2020-07-01 CVE-2020-4029 Unspecified vulnerability in Atlassian products
The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.
network
low complexity
atlassian
4.3
4.3
2020-07-01 CVE-2020-4025 Cross-site Scripting vulnerability in Atlassian products
The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type.
network
low complexity
atlassian CWE-79
4.8
4.8
2020-07-01 CVE-2020-4024 Cross-site Scripting vulnerability in Atlassian products
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.
network
low complexity
atlassian CWE-79
5.4
5.4
2020-07-01 CVE-2020-4022 Cross-site Scripting vulnerability in Atlassian products
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.
network
low complexity
atlassian CWE-79
6.1
6.1
2020-07-01 CVE-2020-14169 Cross-site Scripting vulnerability in Atlassian Jira
The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability
network
low complexity
atlassian CWE-79
6.1
6.1
2020-07-01 CVE-2020-14168 Unspecified vulnerability in Atlassian products
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability.
network
high complexity
atlassian
5.9
5.9
2020-07-01 CVE-2020-14165 Unspecified vulnerability in Atlassian Jira
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.
network
low complexity
atlassian
5.3
5.3
2020-07-01 CVE-2020-14164 Cross-site Scripting vulnerability in Atlassian Jira
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.
network
low complexity
atlassian CWE-79
6.1
6.1