2 matches found
CVE-2017-14587
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the uname parameter...
CVE-2017-14587
Summary: CVE-2017-14587 affects Atlassian Fisheye and Crucible prior to 4.4.2. An administration user deletion resource is vulnerable to a cross-site scripting (XSS) flaw in the uname parameter, enabling a remote attacker to inject arbitrary HTML or JavaScript. The issue is exploitable remotely o...