-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
None
-
Severity 3 - Minor
-
The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file
[CRUC-8046] XSS in File Upload when Changing Charset - CVE-2017-9509
Workflow | Original: FE-CRUC Bug Workflow [ 2940040 ] | New: JAC Bug Workflow v3 [ 2954095 ] |
Workflow | Original: FECRU Development Workflow - Triage - Restricted [ 2409576 ] | New: FE-CRUC Bug Workflow [ 2940040 ] |
Labels | Original: CVE-2017-9509 advisory-released cvss-medium security xss | New: CVE-2017-9509 advisory advisory-released cvss-medium security xss |
Labels | Original: advisory-released cvss-medium security xss | New: CVE-2017-9509 advisory-released cvss-medium security xss |
Summary | Original: XSS in File Upload when Changing Charset | New: XSS in File Upload when Changing Charset - CVE-2017-9509 |
Description | Original: A user can change the charset to include malicious content which can cause XSS to other users accessing the review. | New: The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file |
Priority | Original: Low [ 4 ] | New: Medium [ 3 ] |
Labels | Original: advisory-released cvss-medium fecru-published security xss | New: advisory-released cvss-medium security xss |
Labels | Original: cvss-medium fecru-published security xss | New: advisory-released cvss-medium fecru-published security xss |
CVSS v3 score: 5.4 => Medium severity
Exploitability Metrics
Scope Metric
Impact Metrics
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N