Atlassian Jira is a defect tracking management system from Atlassian Australia. A cross-site scripting vulnerability exists in Atlassian Jira Service Management Server and Data Center versions prior to 4.21.0, which originates in /secure/admin/ The “Object Schema” field of InsightDefaultCustomFieldConfig lacks a data validation filter for user-supplied data and output. An attacker could use this vulnerability to execute JavaScript code on the client side.