Atlassian Fisheye and Crucible cross-site scripting vulnerabilities (CNVD-2019-04924)

Atlassian Fisheye and Crucible are both products of the Australian company Atlassian, Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in Atlassian Fisheye and Crucible versions prior to 4.7.0...

CVE-2018-20241

The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the wbuser parameter...