Cross site scripting

2017-08-2417:29:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.8%

JSON

Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.

CPENameOperatorVersion
crucibleeq4.3.1
crucibleeq4.4.0
fisheyeeq4.4.0
fisheyeeq4.3.1

Name	Operator	Version
crucible	eq	4.3.1
crucible	eq	4.4.0
fisheye	eq	4.4.0
fisheye	eq	4.3.1

References

jira.atlassian.com/browse/CRUC-8044

jira.atlassian.com/browse/FE-6898