CVE-2017-14594

Name of the Vulnerable Software and Affected Versions: Atlassian Jira versions prior to 7.2.12 Atlassian Jira versions 7.3.0 through 7.6.0

Description: The issue concerns a cross site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary HTML or JavaScript via the jqlQuery query parameter in the printable search request issue resource.

Recommendations: For versions prior to 7.2.12, update to version 7.2.12 or later. For versions 7.3.0 through 7.6.0, update to version 7.6.1 or later. As a temporary workaround, consider restricting access to the jqlQuery query parameter in the affected API endpoint until a patch is available.