CVE-2020-14166

Name of the Vulnerable Software and Affected Versions Jira Service Desk Server and Data Center versions prior to 4.10.0

Description The issue allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript via a Cross Site Scripting (XSS) vulnerability by uploading an HTML file to the /servicedesk/customer/portals resource.

Recommendations For versions prior to 4.10.0, update to version 4.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /servicedesk/customer/portals resource to minimize the risk of exploitation. Avoid allowing project administrators to upload HTML files until the issue is resolved.