Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8176

XSS in the print snippet resource through the contents of a comment on the snippet - CVE-2017-18092

    XMLWordPrintable

    Details

      Description

      The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              security-metrics-bot SecurityB
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Last commented:
                1 year, 19 weeks, 6 days ago