Medium severity4.8NVD Advisory· Published Feb 28, 2022· Updated Jun 17, 2026
CVE-2021-43945
CVE-2021-43945
Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<8.20.3+ 1 more
- (no CPE)range: <8.20.3
- (no CPE)range: unspecified
<8.20.3+ 1 more
- (no CPE)range: <8.20.3
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- jira.atlassian.com/browse/JRASERVER-73069nvdVendor Advisory
News mentions
0No linked articles in our index yet.