Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.21.0, 8.20.3
Affects Version/s: 8.20.3
Component/s: None
Labels:

CVSS Score:
5.9
CVSS Severity:
Medium
CVE ID:
CVE-2021-43945

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint.

The affected versions are before version 8.20.3.

Affected versions:

version < 8.20.3

Fixed versions:

8.20.3
8.21.0

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 30/Nov/2021 6:48 PM

Updated:: 21/Feb/2023 3:40 PM

Resolved:: 28/Feb/2022 12:17 AM