Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities

Summary
This host is running Atlassian JIRA and is prone to privilege escalation and multiple cross site scripting vulnerabilities.
Impact
Successful exploitation will let attackers to execute arbitrary script or gain higher privileges. Impact Level: Application
Solution
Upgrade to the Atlassian JIRA version 4.1.1 or later or apply patch. For more details refer, http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16#JIRASecurityAdvisory2010-04-16-XSSVulnerabilitiesinJIRA ***** NOTE: Ignore this warning, if above mentioned patch is applied. *****
Insight
The flaws are caused because input passed to the - 'element' or 'defaultColor' parameters to the 'Colour Picker' page, - 'formName' and 'element' parameters and the 'full user name' field to the 'User Picker' and 'Group Picker' page, - 'announcement_preview_banner_st' parameter to the 'Announcement Banner Preview' page, - 'portletKey' parameter to 'runportleterror.jsp', URL to 'issuelinksmall.jsp', - 'afterURL' parameter to 'screenshot-redirecter.jsp', - 'Referrer' HTTP request header to '500page.jsp' - 'groupnames.jsp', 'indexbrowser.jsp', 'classpath-debug.jsp', 'viewdocument.jsp', and 'cleancommentspam.jsp' are not properly sanitised before being returned to the user. It allows administrative users to change certain path settings, which can be exploited to gain operating system account privileges to the server infrastructure.
Affected
Atlassian JIRA version 3.12 through 4.1
References