CVE-2021-43943
published 2022-02-24
medium 4.8 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The affected versions are before version 4.21.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira_service_management | < 4.21.0 | 4.21.0 |
| atlassian | jira_service_management_data_center | >= unspecified < 4.21.0 | 4.21.0 |
| atlassian | jira_service_management_server | >= unspecified < 4.21.0 | 4.21.0 |