SynopsisThe remote web server hosts a web application that is potentially affected by a cross-site scripting vulnerability.
DescriptionAccording to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is potentially affected by a cross-site scripting (XSS) vulnerability in the ConfigurePortalPages.jspa resource due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2019-3402)
SolutionUpgrade to Atlassian Jira version 7.13.3 / 8.1.1 / 8.2.0 or later.