← Volver a CVEs

CVE-2020-15944

MEDIUM

5.4

Descripcion

An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can embed the attack vectors in the dashboard of other users. To exploit this vulnerability, an attacker has to be authenticated.

Detalles CVE

Puntuacion CVSS v3.15.4

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioREQUIRED

Publicado8/4/2020

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

gantt-chart_project:gantt-chart

Debilidades (CWE)

CWE-79

Referencias

http://packetstormsecurity.com/files/158752/Gantt-Chart-For-Jira-5.5.4-Cross-Site-Scripting.html(cve@mitre.org)

http://seclists.org/fulldisclosure/2020/Aug/1(cve@mitre.org)

https://marketplace.atlassian.com/apps/28997/gantt-chart-for-jira?hosting=cloud&tab=overview(cve@mitre.org)

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-030.txt(cve@mitre.org)

http://packetstormsecurity.com/files/158752/Gantt-Chart-For-Jira-5.5.4-Cross-Site-Scripting.html(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2020/Aug/1(af854a3a-2127-422b-91ae-364da2661108)

https://marketplace.atlassian.com/apps/28997/gantt-chart-for-jira?hosting=cloud&tab=overview(af854a3a-2127-422b-91ae-364da2661108)

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-030.txt(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.