Lucene search
AtlassianCVELIST:CVE-2021-43945HistoryDec 31, 2021 - 12:00 a.m.
CVE-2021-43945
2021-12-3100:00:00
atlassian
www.cve.org
0.001 Low
EPSS
Percentile
29.3%
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.
CNA Affected
[
{
"product": "Jira Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.20.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.20.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
Atlassian Jira Cross-Site Scripting Vulnerability (CNVD-2022-17776)
2022-03-01 00:00:00
cve
cve
CVE-2021-43945
2022-02-28 01:15:08
nessus
nessus
Atlassian Jira < 8.20.3 / 8.21.0 XSS (JRASERVER-73069)
2022-07-06 00:00:00
atlassian
atlassian
nvd
nvd
CVE-2021-43945
2022-02-28 01:15:08
prion
prion
Cross site scripting
2022-02-28 01:15:00