Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8046

XSS in File Upload when Changing Charset - CVE-2017-9509

XMLWordPrintable

      The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file

            [CRUC-8046] XSS in File Upload when Changing Charset - CVE-2017-9509

            Owen made changes -
            Workflow Original: FE-CRUC Bug Workflow [ 2940040 ] New: JAC Bug Workflow v3 [ 2954095 ]
            Owen made changes -
            Workflow Original: FECRU Development Workflow - Triage - Restricted [ 2409576 ] New: FE-CRUC Bug Workflow [ 2940040 ]
            David Black made changes -
            Labels Original: CVE-2017-9509 advisory-released cvss-medium security xss New: CVE-2017-9509 advisory advisory-released cvss-medium security xss
            David Black made changes -
            Labels Original: advisory-released cvss-medium security xss New: CVE-2017-9509 advisory-released cvss-medium security xss
            David Black made changes -
            Summary Original: XSS in File Upload when Changing Charset New: XSS in File Upload when Changing Charset - CVE-2017-9509
            David Black made changes -
            Description Original: A user can change the charset to include malicious content which can cause XSS to other users accessing the review. New: The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file
            David Black made changes -
            Priority Original: Low [ 4 ] New: Medium [ 3 ]
            Piotr Swiecicki made changes -
            Labels Original: advisory-released cvss-medium fecru-published security xss New: advisory-released cvss-medium security xss
            Piotr Swiecicki made changes -
            Labels Original: cvss-medium fecru-published security xss New: advisory-released cvss-medium fecru-published security xss
            Piotr Swiecicki made changes -
            Link New: This issue is incorporated by CRUC-8000 [ CRUC-8000 ]

              Unassigned Unassigned
              pswiecicki Piotr Swiecicki
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: