Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Atlassian JIRA 6.1.x < 6.1.4 XSS

Critical

Synopsis

The remote web server hosts an application that is vulnerable to a Cross-Site Scripting (XSS) attack vector.

Description

The version of JIRA installed on the remote host is earlier than 6.1.4 and is affected by an unspecified flaw in the web interface that may allow an attacker to commit actions on behalf of any other authorized user, potentially with elevated privileges. No further details have been provided by the vendor.

Solution

Update to JIRA 6.1.x version 6.1.4 or later.