CVE-2021-20543

CWE-79 — Cross-site Scripting (XSS)CWE-743 documents3 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 75.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Jazz Team Server

Timeline

PublishedJun 24

Latest updateJun 25

Description

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/jazz_team_server5 versions+4

▶NVDibm/jazz_team_server5 versions+4

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-977j-fwfr-rmx9: IBM Jazz Team Server 6↗2022-06-25

▶

CVEList

CVE-2021-20543: IBM Jazz Team Server 6↗2022-06-24

▶