Medium We have identified and fixed several reflected and persisted cross-site scripting (XSS) vulnerabilities that affect GreenHopper instances, including publicly available instances (that is, Internet-facing servers). XSS vulnerabilities allow an attacker to embed their own JavaScript into a GreenHopper page.
More details are available in the advisory at https://confluence.atlassian.com/display/GH/GreenHopper+Security+Advisory+2012-08-21