Atlassian Jira < 8.20.3 / 8.21.0 XSS (JRASERVER-73069)

The version of Atlassian Jira installed on the remote host is prior to 8.20.3 / 8.21.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-73069 advisory. - Stored XSS on /rest/jpo/1.0/hierarchyConfiguration via issueTypes parameter - CVE-2021-43945 CVE-2021-43945 Note...

CVE-2021-43945

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting SXSS vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are...

Stored XSS on /rest/jpo/1.0/hierarchyConfiguration via issueTypes parameter - CVE-2021-43945

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting SXSS vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are...