Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
Atlassian Jira versions Jira 6.0.* <= 6.1.4 are vulnerable to a DOM-based cross-site scripting vulnerability.
DOM-based XSS is a type of cross site scripting attack which relies on inappropriate handling, in the HTML page, of the data from its associated DOM. Among the objects in the DOM, there are several which the attacker can manipulate in order to generate the XSS condition, and the most popular, from this perspective, are the document.url, document.location and document.referrer objects.
- Customers who have downloaded and installed JIRA should upgrade their existing JIRA installations or apply the patches to fix these vulnerabilities.
- WordPress Plugin WordPress Firewall 2 Multiple Vulnerabilities (1.3)
- WordPress Plugin FireStats Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities (1.0.2)
- WordPress Plugin XML Sitemap & Google News feeds Cross-Site Scripting (3.9)
- WordPress Plugin WP-FaceThumb Cross-Site Scripting (1.0)
- WordPress Plugin WordPress-Amazon-Associate (WPAA) Cross-Site Scripting (2.0)