We have identified and fixed a reflected cross-site scripting (XSS) vulnerability in the Bamboo default 'internal server error' page.
This issue is reported in our security advisory on this page:
https://confluence.atlassian.com/x/rQP5FQ
You can read more about XSS attacks at: