[CRUC-8046] XSS in File Upload when Changing Charset - CVE-2017-9509 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.4.1
Affects Version/s: None
Component/s: None
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Piotr Swiecicki

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 17/Jul/2017 7:57 AM

Updated:: 30/Aug/2017 6:16 AM

Resolved:: 17/Jul/2017 7:58 AM

Details

Description

Attachments

Forms

Activity

[CRUC-8046] XSS in File Upload when Changing Charset - CVE-2017-9509

People

Dates