According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is potentially affected by multiple vulnerabilities:
Atlassian Jira contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the issue collector does not properly sanitize input to error messages for custom fields before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that executes arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2018-5230)
Atlassian Jira contains a flaw in the ForgotLoginDetails resource that is triggered during the handling of a specially crafted request. This may allow a remote attacker to cause a denial of service. (CVE-2018-5231)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data