• Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Highest Highest
    • 2.2.6, 2.3.8, 2.4.0
    • None
    • None
    • None

      We have identified and fixed a cross-site scripting (XSS) vulnerability in the Crucible's edit review details screen.

      Affected versions are Crucible 2.2.0 to 2.3.7 inclusive.

      XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye/Crucible page. You can read more about XSS attacks at various places on the web, including these:

      This issue is reported in our security advisory on these pages:

          Form Name

            [CRUC-5345] XSS vulnerability in Edit Review Details

              Unassigned Unassigned
              alui Andrew
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: