Atlassian JIRA ConfigurePortalPages.jspa XSS
Medium Nessus Plugin ID 128763
Synopsis
The remote web server hosts a web application that is affected by a cross-site scripting vulnerability.

Description
The instance of Atlassian JIRA hosted on the remote web server is affected by a cross-site scripting (XSS) vulnerability in the ConfigurePortalPages resource due to improper validation of user-supplied input data. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.

Solution
Upgrade to Atlassian JIRA version 7.13.3 / 8.1.1 or later.