Atlassian JIRA Cross-Site Scripting (XSS) Vulnerability (JRASERVER-68526)
Low Nessus Plugin ID 124769
Synopsis: The remote web server hosts a web application that is potentially affected by a server-side request forgery vulnerability.
Description: According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 7.6.10 or 7.x.x prior to 7.12.4 or 7.13.x prior to 7.13.1. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.
Solution: Upgrade to Atlassian JIRA version 7.6.10 / 7.12.4 / 7.13.1.