CVE-2017-18034
Atlassian FishEye and Crucible suffer a cross-site scripting (XSS) vulnerability in the source browse resource prior to versions 4.5.1 and 4.6.0. A remote attacker with write access to an indexed repository can inject arbitrary HTML/JavaScript by exploiting a specially crafted repository branch n...