Atlassian JIRA suffers from a reflective cross site scripting issue due to a failure to properly sanitize user-supplied input to the 'name' GET parameter in the 'deleteuserconfirm.jsp' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Versions 6.0.2 and 6.0.3 are affected.
ab3cb5e6a9aa9ab21e1203de1595664804cc4c0b93ca4062353260a40b6d0a24