Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
[
{
"product": "Atlassian JIRA Server before 7.1.9",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Atlassian JIRA Server before 7.1.9"
}
]
}
]
www.securityfocus.com/bid/97516
confluence.atlassian.com/jiracore/jira-core-7-1-x-release-notes-802161668.html#JIRACore7.1.xreleasenotes-v7.1.9v7.1.9-06July2016
jira.atlassian.com/browse/JRA-61861
jira.atlassian.com/browse/JRASERVER-61861
jira.atlassian.com/secure/ReleaseNote.jspa?projectId=10240&version=62034