Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.4.1
Affects Version/s: 4.3.1, 4.4.0
Component/s: None
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.

was cloned as

FE-6898 Various XSS through a repository or review filename - CVE-2017-9508

Closed

Assignee:: Unassigned

Reporter:: Piotr Swiecicki

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 17/Jul/2017 7:46 AM

Updated:: 29/Jan/2018 6:31 AM

Resolved:: 17/Jul/2017 7:49 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates