Описание
An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can embed the attack vectors in the dashboard of other users. To exploit this vulnerability, an attacker has to be authenticated.
An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can embed the attack vectors in the dashboard of other users. To exploit this vulnerability, an attacker has to be authenticated.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-15944
- https://marketplace.atlassian.com/apps/28997/gantt-chart-for-jira?hosting=cloud&tab=overview
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-030.txt
- http://packetstormsecurity.com/files/158752/Gantt-Chart-For-Jira-5.5.4-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2020/Aug/1
EPSS
CVE ID
Связанные уязвимости
An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can embed the attack vectors in the dashboard of other users. To exploit this vulnerability, an attacker has to be authenticated.
EPSS