CVE-2021-43942

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.13.15 Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.3

Description The issue allows remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the "/rest/collectors/1.0/template/custom" endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website.

Recommendations For versions prior to 8.13.15, update to version 8.13.15 or later. For versions 8.14.0 through 8.20.3, update to version 8.20.3 or later. As a temporary workaround, consider restricting access to the "/rest/collectors/1.0/template/custom" endpoint until a patch is available.