XSS in review dashboard through a custom filter title - CVE-2017-9507

The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the review filter title parameter.

            Said made changes -
            Labels Original: CVE-2017-9507 advisory advisory-released cvss-medium security New: CVE-2017-9507 advisory advisory-released cvss-medium security xss
            Owen made changes -
            Workflow Original: FE-CRUC Bug Workflow [ 2941989 ] New: JAC Bug Workflow v3 [ 2955927 ]
            Owen made changes -
            Workflow Original: FECRU Development Workflow - Triage - Restricted [ 2409565 ] New: FE-CRUC Bug Workflow [ 2941989 ]
            David Black made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 314235 ]
            David Black made changes -
            Labels Original: CVE-2017-9507 advisory-released cvss-medium security New: CVE-2017-9507 advisory advisory-released cvss-medium security
            David Black made changes -
            Labels Original: advisory-released cvss-medium security New: CVE-2017-9507 advisory-released cvss-medium security
            David Black made changes -
            Summary Original: XSS in review dashboard through a custom filter title New: XSS in review dashboard through a custom filter title - CVE-2017-9507
            David Black made changes -
            Description Original: The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the review filter title parameter. New: The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.
            David Black made changes -
            Description Original: The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.
            New: The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the review filter title parameter.
            David Black made changes -
            Affects Version/s New: 4.1.0 [ 61350 ]
            Affects Version/s Original: 3.10.4 [ 61344 ]

              Unassigned Unassigned
              pswiecicki Piotr Swiecicki