According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 3.12.1. It, therefore, has multiple vulnerabilities:
a Cross-site scripting (XSS) vulnerability which allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages (CVE-2007-6617).
A vulnerability which allows remote attackers to delete another user’s shared filter via a modified filter ID (CVE-2007-6618).
A flaw in the Setup Wizard does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language (CVE-2007-6619).
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data