Atlassian Jira is a defect tracking management system from Atlassian Australia. A cross-site scripting vulnerability exists in Atlassian Jira Service Management Server and Data Center versions prior to 4.21.0, which originates in /secure/admin/ The “Object Schema” field of InsightDefaultCustomFieldConfig lacks a data validation filter for user-supplied data and output. An attacker could use this vulnerability to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
atlassian jira service management server and data cente | lt | 4.21.0 |