CVE-2017-16864

Name of the Vulnerable Software and Affected Versions: Atlassian Jira versions prior to 7.4.2

Description: The issue search resource in Atlassian Jira contains a cross site scripting (XSS) vulnerability in the orderby parameter, allowing remote attackers to inject arbitrary HTML or JavaScript.

Recommendations: For versions prior to 7.4.2, update to version 7.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the orderby parameter in the issue search resource to minimize the risk of exploitation.