We're updating the issue view to help you get more done. 

XSS in the invalidRedirectUrl template through the redirectUrl parameter - CVE-2017-16860

Description

The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.

Environment

Testing Notes

Add notes...

Status

Assignee

Unassigned

Reporter

SecurityB

Fix versions

Affects versions

5.3.0
5.4.0

Priority

Major