XSS vulnerability in jira instance

Shilpa Sanil
Contributor
August 17, 2020

We are getting mails from hackers saying that our Jira instance has vulnerabilities. When I searched, I could see documents saying it's a known issue for some versions.

Mail content is like:


Summary:
Reflected XSS can be submitted on reports, and for anyone who checks the report the XSS will trigger.

Description:
Cross-site scripting is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user. Because a browser cannot know whether the script should be trusted or not, it will execute the script in the user context, allowing the attacker to access any cookies or session tokens retained by the browser.


Any idea about this?

Is this a serious vulnerability in Jira? Our version is 7.0.10.

Thanks

Shilpa

1 answer

1 vote
Daniel Eads
Atlassian Team
August 17, 2020

Hi Shilpa,

Jira 7.0.10 is fairly aged at this point - that particular version is over 4 years old now and past its end-of-life. I would consider trying to schedule an upgrade in the near future. XSS vulnerabilities are common in most products that interact with browsers, and upgrading is a good way to take advantage of security research that goes into finding new ways to get around browser security and plug the gaps.

There are a couple of critical security advisories we released for Jira Server last year that definitely affect your 7.0.10 version:

If you have questions about upgrading, we're here to help. A good start is by taking a look at the Jira upgrade matrix page which contains summaries of the features released in each major version since 7.5 and notes about which platforms are supported.

Cheers,
Daniel

Deployment type: Server
Version: 7.0.10