Atlassian JIRA 7.x.x < 7.13.1 / 8.0.0 Cross-Site Scripting (XSS) Vulnerability (SB18-141)
Low Nessus Plugin ID 128522
Synopsis
The remote web server hosts a web application that is potentially affected by a cross-site scripting vulnerability.
Description
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by a reflected cross-site scripting (XSS) vulnerability. The flaw exists because the activity stream gadget does not properly sanitize input to the country parameter before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that executes arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2018-20827)
Solution
Upgrade to Atlassian JIRA version 7.13.1 or 8.0.0 or later.