Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-5345

XSS vulnerability in Edit Review Details

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Highest
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.2.6, 2.3.8, 2.4.0
    • Component/s: None
    • Labels:
      None

      Description

      We have identified and fixed a cross-site scripting (XSS) vulnerability in the Crucible's edit review details screen.

      Affected versions are Crucible 2.2.0 to 2.3.7 inclusive.

      XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye/Crucible page. You can read more about XSS attacks at various places on the web, including these:

      This issue is reported in our security advisory on these pages:

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                alui Andrew Lui
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  8 years, 25 weeks, 3 days ago