XSS in edit upload for a review through the wbuser parameter - CVE-2018-20241

2019-02-14T20:39:34
ID ATLASSIAN:CRUC-8380
Type atlassian
Reporter ejensby
Modified 2019-02-19T23:40:24

Description

The Edit upload resource for a review in Atlassian Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the wbuser parameter.