CVE-2021-43942
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos inyectar HTML o JavaScript arbitrarios por medio de una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado en el endpoint /rest/collectors/1.0/template/custom. Para explotar este problema, el atacante debe engañar a un usuario para que visite un sitio web malicioso. Las versiones afectadas son anteriores a 8.13.15, y desde la versión 8.14.0 hasta 8.20.3
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-11-16 CVE Reserved
- 2022-01-04 CVE Published
- 2024-10-08 CVE Updated
- 2025-03-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://jira.atlassian.com/browse/JRASERVER-73068 | 2022-03-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Atlassian Search vendor "Atlassian" | Jira Server Search vendor "Atlassian" for product "Jira Server" | >= 8.14.0 < 8.20.3 Search vendor "Atlassian" for product "Jira Server" and version " >= 8.14.0 < 8.20.3" | - |
Affected
| ||||||
| Atlassian Search vendor "Atlassian" | Jira Server And Data Center Search vendor "Atlassian" for product "Jira Server And Data Center" | < 8.13.5 Search vendor "Atlassian" for product "Jira Server And Data Center" and version " < 8.13.5" | - |
Affected
| ||||||