Various XSS through a repository or review filename - CVE-2017-9508

2017-07-17T07:46:38
ID ATLASSIAN:CRUC-8044
Type atlassian
Reporter pswiecicki
Modified 2018-01-29T06:31:32

Description

Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.