CVE-2021-43943

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.3%
top 45.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Jira Service Management Data CenterAtlassian Jira Service Management ServerAtlassian Jira Service Management
Timeline
PublishedFeb 24
Latest updateFeb 25

Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The affected versions are before version 4.21.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

CVEListV5atlassian/jira_service_management_data_centerunspecified4.21.0
CVEListV5atlassian/jira_service_management_serverunspecified4.21.0

Patches

Patch: jira.atlassian.comPatch: jira.atlassian.com

🔴Vulnerability Details

2
GHSA
GHSA-v4f6-rc45-6c46: Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML o2022-02-25
CVEList
CVE-2021-43943: Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML o2022-02-24
CVE-2021-43943 (MEDIUM CVSS 4.8) | Affected versions of Atlassian Jira | cvebase.io