CVE-2006-3338

Name of the Vulnerable Software and Affected Versions Atlassian JIRA version 3.6.2-#156

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to "secure/ConfigureReleaseNote.jspa". The injected content is not sanitized before being returned in an error page.

Recommendations For Atlassian JIRA version 3.6.2-#156, consider restricting access to the "secure/ConfigureReleaseNote.jspa" endpoint until a fix is available. As a temporary workaround, ensure that all user input is properly sanitized before being returned in any error pages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.