- Bug
- Resolution: Fixed
- Medium
- 4.3.1, 4.4.0
- None
- Severity 3 - Minor

Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the name of a repository or review file.

- was cloned as: FE-6898 Various XSS through a repository or review filename - CVE-2017-9508 (Closed)

[CRUC-8044] Various XSS through a repository or review filename - CVE-2017-9508
Workflow | Original: FE-CRUC Bug Workflow [ 2941973 ] | New: JAC Bug Workflow v3 [ 2954361 ] |
Workflow | Original: FECRU Development Workflow - Triage - Restricted [ 2409566 ] | New: FE-CRUC Bug Workflow [ 2941973 ] |
Remote Link | Original: This issue links to "Page (Extranet)" [ 314342 ] |
Labels | Original: CVE-2017-9508 advisory-released cvss-medium security xss | New: CVE-2017-9508 advisory advisory-released cvss-medium security xss |
Labels | Original: advisory-released cvss-medium security xss | New: CVE-2017-9508 advisory-released cvss-medium security xss |
Summary | Original: Various XSS through a repository or review filename | New: Various XSS through a repository or review filename - CVE-2017-9508 |
Summary | Original: XSS in malicious repository file | New: Various XSS through a repository or review filename |
Description | Original: A malicious file added to a repository will cause an XSS to file inside of FishEye and Crucible. | New: Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file. |
Priority | Original: Low [ 4 ] | New: Medium [ 3 ] |
Description | Original: A malicious file added to a repository will cause an XSS to file inside of FishEye | New: A malicious file added to a repository will cause an XSS to file inside of FishEye and Crucible. |