2 matches found
CVE-2017-18090
Various resources in Atlassian Fisheye before version 4.5.1 the fixed version for 4.5.x and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a commit author...
CVE-2017-18090
CVE-2017-18090 affects Atlassian Fisheye prior to 4.5.1 (4.5.x line) and prior to 4.6.0, where an XSS flaw in the commit author name allows remote attackers to inject arbitrary HTML/JavaScript. The root cause is improper handling of author-name input, enabling script execution in victims’ session...