CVE-2021-43956

Summary

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.

Affected Software

VendorProductVersion RangeStatus
AtlassianFisheyeunspecified < 4.8.9affected
AtlassianCrucibleunspecified < 4.8.9affected

Weaknesses

  • Cross Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References