According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 6.0.5. It is, therefore, affected by multiple vulnerabilities:
A directory traversal in the Importers Plugin which permits remote attackers to create arbitrary files (CVE-2014-2313).
A Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel which allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa (CVE-2013-5319).
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data