XSS in Issue Collector

Hi Atlassian!

There is a XSS vulnerability in the issue collector:

File: /atlassian-jira-5.1.8-source/jira-issue-collector-plugin/src/main/resources/templates/view-collector.vm
Line 82: <td class="nav summary"><a href="${baseurl}/browse/${issue.key}">${issue.summary}</a>

Anonymous users can inject JS in the issue summary which usually will be executed by users with extended permissions.

Best regards,
Conrad