Details
-
Bug
-
Resolution: Fixed
-
Medium
-
4.3
-
None
-
4.03
-
Description
We have identified and fixed a cross-site scripting (XSS) vulnerability in JIRA administration interface.
Affected version is JIRA 4.3.x
XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a JIRA page. You can read more about XSS attacks at various places on the web, including these:
- cgisecurity.com: http://www.cgisecurity.com/articles/xss-faq.shtml
- The Web Application Security Consortium: http://projects.webappsec.org/Cross-Site+Scripting
This issue is reported in our security advisory on this page:
Updates for JIRA Bamboo Plugin are at https://plugins.atlassian.com/plugin/details/4946