CVE-2018-13392
Atlassian Fisheye and Crucible are affected up to versions prior to 4.6.0. The issue is a cross-site scripting (XSS) vulnerability in the handling of linked issue keys, allowing remote attackers to inject arbitrary HTML/JavaScript. Remediation: upgrade to version 4.6.0 or later.