CVE-2017-14587

2017-10-11T18:29:00
ID CVE-2017-14587
Type cve
Reporter security@atlassian.com
Modified 2020-11-25T14:15:00

Description

The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.