Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8173

XSS in the admin backupprogress action through the filename of a backup - CVE-2017-18091

XMLWordPrintable

      The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.

            [CRUC-8173] XSS in the admin backupprogress action through the filename of a backup - CVE-2017-18091

            Owen made changes -
            Workflow Original: FE-CRUC Bug Workflow [ 2939935 ] New: JAC Bug Workflow v3 [ 2952754 ]
            Owen made changes -
            Workflow Original: FECRU Development Workflow - Triage - Restricted [ 2632175 ] New: FE-CRUC Bug Workflow [ 2939935 ]
            David Black made changes -
            Labels Original: CVE-2017-18091 advisory advisory-to-release cvss-medium security xss New: CVE-2017-18091 advisory advisory-released cvss-medium security xss
            David Black made changes -
            Labels Original: advisory advisory-to-release cvss-medium security xss New: CVE-2017-18091 advisory advisory-to-release cvss-medium security xss
            David Black made changes -
            Link New: This issue relates to FE-7006 [ FE-7006 ]
            David Black made changes -
            Link Original: This issue is cloned from FE-7006 [ FE-7006 ]
            David Black made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Needs Triage [ 10030 ] New: Closed [ 6 ]
            David Black made changes -
            Fix Version/s New: 4.5.0 [ 72296 ]
            Fix Version/s New: 4.4.3 [ 73502 ]
            Fix Version/s Original: 4.5.0 [ 71891 ]
            Fix Version/s Original: 4.4.3 [ 73503 ]
            Key Original: FE-7007 New: CRUC-8173
            Project Original: FishEye [ 11830 ] New: Crucible [ 11771 ]
            David Black made changes -
            Link New: This issue is detailed by FECRU-7296 [ FECRU-7296 ]
            David Black made changes -
            Link New: This issue is cloned from FE-7006 [ FE-7006 ]
            David Black created issue -

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: