Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 2.2.7, 2.3.9, 2.4.5, 2.5.0
Affects Version/s: 2.2.6, 2.3.8, 2.4.4, 2.5-M6
Component/s: None
Labels:
None

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

We have identified and fixed a cross-site scripting (XSS) vulnerability in the Crucible comments search.

Affected versions are Crucible 2.2.6 to 2.5.0 inclusive.

XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye/Crucible page. You can read more about XSS attacks at various places on the web, including these:

cgisecurity.com: http://www.cgisecurity.com/articles/xss-faq.shtml
The Web Application Security Consortium: http://projects.webappsec.org/Cross-Site+Scripting

This issue is reported in our security advisory on these pages:

Attachments

Activity

People

Assignee:: VitalyA

Reporter:: Andrew

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 21/Apr/2011 1:28 AM

Updated:: 16/May/2011 1:59 AM

Resolved:: 16/May/2011 1:59 AM