The host is installed with Atlassian Jira Server before 8.13.15, or 8.14.0 before 8.20.3 and is prone to a reflected cross-site scripting (xss) vulnerability. A flaw is present in the application which fails to properly handle the /rest/collectors/1.0/template/custom endpoint. Successful exploitation could allow remote attackers to inject arbitrary html or JavaScript by tricking a user into visiting a malicious website.