Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8169

XSS in the view review history resource through invited reviewers - CVE-2017-18089

    XMLWordPrintable

    Details

      Description

      The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:
                Resolved:
                Last commented:
                1 year, 28 weeks, 1 day ago