Details
-
Bug
-
Resolution: Fixed
-
Low
-
4.7.0
-
Severity 3 - Minor
-
Description
The bundled version of atlassian-renderer in Crucible before version 4.7.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup. For more information see https://jira.atlassian.com/browse/RNDR-153 (currently restricted to Atlassian staff).
Attachments
Issue Links
- is cloned from
-
FE-7198 XSS in various types of nested wiki markup - CVE-2017-18102
- Closed