CVE-2020-14164

Name of the Vulnerable Software and Affected Versions Jira Server and Data Center versions prior to 8.8.2

Description The issue allows remote attackers to inject arbitrary HTML or JavaScript via a Cross Site Scripting (XSS) vulnerability. This can be achieved by pasting JavaScript code into the editor field of the WYSIWYG editor resource.

Recommendations For versions prior to 8.8.2, update to version 8.8.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the WYSIWYG editor or disabling the ability to paste JavaScript code into the editor field until a patch is applied.