Cross site scripting

2017-08-2417:29:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.8%

JSON

The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.

CPENameOperatorVersion
cruciblele4.4.0
fisheyele4.4.0

CPE	Name	Operator	Version
	crucible	le	4.4.0
	fisheye	le	4.4.0

References

jira.atlassian.com/browse/CRUC-8046