PT-2020-7188 · Atlassian · Jira+1

Published: 2020-02-13 · Updated: 2020-02-24 · CVE-2012-1500

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

JIRA version 4.4.3
GreenHopper versions prior to 5.9.8

Description

The issue allows an attacker to inject arbitrary script code, enabling a Stored XSS attack. This is possible due to a vulnerability in the UpdateFieldJson.jspa file.

Recommendations

For JIRA version 4.4.3, update to a version later than 4.4.3 to resolve the issue. For GreenHopper versions prior to 5.9.8, update to version 5.9.8 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the UpdateFieldJson.jspa file until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2012-1500

Affected Products

Greenhopper
Jira