Vulnerability Details CVE-2021-43942
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2021-43942
- cpe:2.3:a:atlassian:jira_server:8.14.0
- cpe:2.3:a:atlassian:jira_server:8.14.1
- cpe:2.3:a:atlassian:jira_server:8.15.0
- cpe:2.3:a:atlassian:jira_server:8.15.1
- cpe:2.3:a:atlassian:jira_server:8.16.0
- cpe:2.3:a:atlassian:jira_server:8.16.1
- cpe:2.3:a:atlassian:jira_server:8.16.2
- cpe:2.3:a:atlassian:jira_server:8.17.0
- cpe:2.3:a:atlassian:jira_server:8.17.1
- cpe:2.3:a:atlassian:jira_server:8.18.0
- cpe:2.3:a:atlassian:jira_server:8.18.1
- cpe:2.3:a:atlassian:jira_server:8.18.2
- cpe:2.3:a:atlassian:jira_server:8.19.0
- cpe:2.3:a:atlassian:jira_server:8.19.1
- cpe:2.3:a:atlassian:jira_server:8.20.0
- cpe:2.3:a:atlassian:jira_server:8.20.1
- cpe:2.3:a:atlassian:jira_server:8.20.2
- cpe:2.3:a:atlassian:jira_server_and_data_center:7.13.16
- cpe:2.3:a:atlassian:jira_server_and_data_center:7.14.0
- cpe:2.3:a:atlassian:jira_server_and_data_center:8.10.2
- cpe:2.3:a:atlassian:jira_server_and_data_center:8.11.0
- cpe:2.3:a:atlassian:jira_server_and_data_center:8.11.1
- cpe:2.3:a:atlassian:jira_server_and_data_center:8.5.7
- cpe:2.3:a:atlassian:jira_server_and_data_center:8.5.8
- cpe:2.3:a:atlassian:jira_server_and_data_center:8.6.0