Atlassian JIRA Cross Site Scripting and HTML Injection Vulnerabilities

Atlassian JIRA is prone to a HTML-injection issue and a cross-site scripting issue.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user. Other attacks are also possible.

Atlassian JIRA 3.13 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus