Launchpad.net

CVE 2016-4318

Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.

See the CVE page on Mitre.org for more details.