Description
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1, allows remote attackers to redirect users to a different website, which they may use as part of a phishing attack, via an open redirect in the os_destination parameter.
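To check whether requests of this kind have reached an instance, the following added example (not part of the original page or of any Atlassian tooling) scans web access logs for login.jsp requests whose os_destination value resolves off-site. The trusted hostname `jira.example.com`, the combined log format, the function names and the sample lines are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the hostname(s) users legitimately reach this Jira instance on.
TRUSTED_HOSTS = {"jira.example.com"}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2020:09:12:01 +0000] "GET /login.jsp?os_destination=%2Fsecure%2FDashboard.jspa HTTP/1.1" 200 5120',
    '198.51.100.8 - - [10/Jan/2020:09:13:44 +0000] "GET /login.jsp?os_destination=https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Jan/2020:09:15:02 +0000] "GET /jira/login.jsp?os_destination=%2F%2Flogin.example.net HTTP/1.1" 200 5120',
    '198.51.100.10 - - [10/Jan/2020:09:16:30 +0000] "GET /login.jsp?os_destination=https%3A%2F%2Fjira.example.com%2Fbrowse%2FABC-1 HTTP/1.1" 200 5120',
    '198.51.100.11 - - [10/Jan/2020:09:17:05 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 8831',
]

def destination_is_offsite(dest, trusted=TRUSTED_HOSTS):
    """Return True if a decoded os_destination value points away from Jira."""
    # Browsers ignore some whitespace/control characters and read "\" as "/".
    cleaned = "".join(c for c in dest if c > " ").replace("\\", "/")
    if cleaned.startswith("//"):
        cleaned = "//" + cleaned.lstrip("/")  # collapse extra leading slashes
    try:
        parts = urlsplit(cleaned)
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:
        return True  # unparseable authority: treat as suspicious
    if host is None:
        return bool(parts.scheme)  # relative path is fine, a bare scheme is not
    return host not in trusted

def flag_requests(log_lines, trusted=TRUSTED_HOSTS):
    """Return (client_ip, destination) for login.jsp hits that leave the site."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        # Tolerate a context path (/jira/login.jsp) and ;jsessionid suffixes.
        if not target.path.split(";")[0].lower().endswith("/login.jsp"):
            continue
        for dest in parse_qs(target.query).get("os_destination", []):
            if destination_is_offsite(dest, trusted):
                hits.append((line.split()[0], dest))
    return hits

if __name__ == "__main__":
    for ip, dest in flag_requests(SAMPLE_LOG):
        print(f"{ip} os_destination -> {dest}")
```

Hits are leads for review rather than proof of compromise; the referrer and the account activity that follows the login are the next things to correlate.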
Remediation
References