2 matches found
CVE-2017-9509
The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the charset of a previously uploaded file...
CVE-2017-9509
The CVE-2017-9509 entry concerns Atlassian Crucible (before 4.4.1). The vulnerability is an XSS flaw in the review file upload resource, exploitable via the charset of a previously uploaded file, enabling remote injection of arbitrary HTML/JavaScript. Impact is limited to the affected Crucible ve...