Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8112

XSS in the administration user deletion resource through the uname parameter - CVE-2017-14587

XMLWordPrintable

      The administration user deletion resource in Atlassian FishEye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.

            [CRUC-8112] XSS in the administration user deletion resource through the uname parameter - CVE-2017-14587

            Owen made changes -
            Workflow Original: FE-CRUC Bug Workflow [ 2941656 ] New: JAC Bug Workflow v3 [ 2953998 ]
            Owen made changes -
            Workflow Original: FECRU Development Workflow - Triage - Restricted [ 2448980 ] New: FE-CRUC Bug Workflow [ 2941656 ]
            David Black made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Needs Triage [ 10030 ] New: Closed [ 6 ]
            David Black made changes -
            Fix Version/s New: 4.5.0 [ 72296 ]
            Fix Version/s New: 4.4.2 [ 72295 ]
            Fix Version/s Original: 4.4.2 [ 72094 ]
            Fix Version/s Original: 4.5.0 [ 71891 ]
            Key Original: FE-6934 New: CRUC-8112
            Project Original: FishEye [ 11830 ] New: Crucible [ 11771 ]
            David Black made changes -
            Link New: This issue is detailed by FECRU-7292 [ FECRU-7292 ]
            David Black made changes -
            Link New: This issue is cloned from FE-6933 [ FE-6933 ]
            David Black created issue -

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: