We identified an XSS (cross-site scripting) vulnerability affecting the web application.
Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way.
Do we have any solution or patch?
I can't see a logged issue for an XSS attack on 6.4.9 specifically, but there are a few for 6.x that you might want to read through to see if there is something you can patch in.
However, the recommended solution/patch for all of those vulnerabilities is simple - upgrade to a supported version. The lowest supported version is 7.13, but even that expires in a few weeks and I would strongly recommend that you upgrade to 8.5.8 (the latest "long term support" release), going from 6.4.9 -> 7.0.11 -> 7.13.17 -> 8.5.8.