Cross site scripting

2018-02-1914:29:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

35.7%

JSON

Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.

CPENameOperatorVersion
cruciblege4.4.0
cruciblelt4.4.3
fisheyege4.4.0
fisheyelt4.4.3

Name	Operator	Version
crucible	ge	4.4.0
crucible	lt	4.4.3
fisheye	ge	4.4.0
fisheye	lt	4.4.3

References

www.securityfocus.com/bid/103095

jira.atlassian.com/browse/CRUC-8175

jira.atlassian.com/browse/FE-7008

0.001 Low

EPSS

Percentile

35.7%

JSON

Related for PRION:CVE-2017-18093