Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-10980

Stored XSS in "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa - CVE-2021-43943

XMLWordPrintable

    • 7.6
    • High
    • CVE-2021-43943

      Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa.

      The affected versions are before version 4.21.0.

      Affected versions:

      • version < 4.21.0

      Fixed versions:

      • 4.21.0

            [JSDSERVER-10980] Stored XSS in "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa - CVE-2021-43943

            Security Metrics Bot made changes -
            CVE ID New: CVE-2021-43943
            AB made changes -
            Resolution New: Fixed [ 1 ]
            Security Original: Atlassian Staff [ 10750 ]
            Status Original: Draft [ 12872 ] New: Published [ 12873 ]
            AB made changes -
            Summary Original: Stored XSS in "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa - CVE registration for this issue is already in progress New: Stored XSS in "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa - CVE-2021-43943
            AB made changes -
            Summary Original: Stored XSS in "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa - Jira Service Management Server New: Stored XSS in "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa - CVE registration for this issue is already in progress
            AB made changes -
            Description Original: Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in {component}.

            ((Use the `; versions` script here to list the fixed and affected versions))             		New: Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa.

            The affected versions are before version 4.21.0.

            *Affected versions:*

             * version < 4.21.0

            *Fixed versions:*

             * 4.21.0
            AB made changes -
            Description Original:
            Affected versions of Atlassian Jira Service Management Server allow remote attackers
            to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in {component}.
            		 New: Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in {component}.

            ((Use the `; versions` script here to list the fixed and affected versions))
            Security Metrics Bot made changes -
            Labels New: advisory advisory-to-release dont-import security
            Security Metrics Bot created issue -

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: