Is anyone familiar with this issue, or know if Jira software url-encodes all data/input in a uniform manner to prevent against such an attack? If not, can it be (@Atlassian folks)?
This was discovered with Burpsuite Pro.
https://portswigger.net/kb/issues/00501400_client-side-http-parameter-pollution-reflected
CWE-233
