Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8209

XSS in the review attachment resource - CVE-2018-13388

XMLWordPrintable

      The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.

            [CRUC-8209] XSS in the review attachment resource - CVE-2018-13388

            Owen made changes -
            Workflow Original: FE-CRUC Bug Workflow [ 2939392 ] New: JAC Bug Workflow v3 [ 2952574 ]
            Owen made changes -
            Workflow Original: FECRU Development Workflow - Triage - Restricted [ 2706137 ] New: FE-CRUC Bug Workflow [ 2939392 ]
            David Black made changes -
            Labels Original: CVE-2018-13388 advisory advisory-to-release bugbounty cvss-medium security xss New: CVE-2018-13388 advisory advisory-released bugbounty cvss-medium security xss
            David Black made changes -
            Labels Original: advisory advisory-to-release bugbounty cvss-medium security xss New: CVE-2018-13388 advisory advisory-to-release bugbounty cvss-medium security xss
            David Black made changes -
            Summary Original: XSS in the review attachment resource - CVE-2018-PENDING New: XSS in the review attachment resource - CVE-2018-13388
            David Black made changes -
            Summary Original: XSS in the review attachment resource - CVE-2018-XXXX New: XSS in the review attachment resource - CVE-2018-PENDING
            David Black made changes -
            Complexity New: Unknown [ 10450 ]
            Fix Version/s New: 4.6.0 [ 75221 ]
            Fix Version/s New: 4.5.3 [ 78100 ]
            Fix Version/s Original: 4.6.0 [ 74797 ]
            Fix Version/s Original: 4.5.3 [ 78099 ]
            Key Original: FECRU-7406 New: CRUC-8209
            Symptom Severity New: Major [ 14431 ]
            Value New: Unknown [ 10456 ]
            Workflow Original: FECRU Development Workflow [ 2594764 ] New: FECRU Development Workflow - Triage - Restricted [ 2706137 ]
            Project Original: FishEye Crucible Development [ 12300 ] New: Crucible [ 11771 ]
            David Black made changes -
            Link New: This issue was cloned as FECRU-7536 [ FECRU-7536 ]
            David Black made changes -
            Summary Original: XSS in the review attachment resource New: XSS in the review attachment resource - CVE-2018-XXXX
            Marek Parfianowicz made changes -
            Remote Link New: This issue links to "Page (Extranet)" [ 371743 ]

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: