-
Bug
-
Resolution: Fixed
-
Low
-
4.8.0
-
Severity 2 - Major
-
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.
[CRUC-8466] XSS in the review resource through objectives - CVE-2020-4013
| Labels | Original: advisory advisory-released bugbounty cve-2020-4013 cvss-medium release-48x release-490 security sxss xss | New: advisory advisory-released bugbounty cve-2020-4013 cvss-medium release-48x security sxss xss |
| Labels | Original: advisory advisory-released bugbounty cve-2020-4013 cvss-medium release-490 security sxss xss | New: advisory advisory-released bugbounty cve-2020-4013 cvss-medium release-48x release-490 security sxss xss |
| Labels | Original: advisory advisory-released bugbounty cve-2020-4013 cvss-medium security sxss xss | New: advisory advisory-released bugbounty cve-2020-4013 cvss-medium release-490 security sxss xss |
| Fix Version/s | Original: 4.9.0 [ 90696 ] |
| Fix Version/s | New: 4.8.3 [ 92111 ] |
| Labels | Original: advisory advisory-to-release bugbounty cve-2020-4013 cvss-medium security sxss xss | New: advisory advisory-released bugbounty cve-2020-4013 cvss-medium security sxss xss |
| Due Date | Original: 16/Jul/2020 |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Closed [ 6 ] | New: Closed [ 6 ] |
| Due Date | New: 16/Jul/2020 |
| Labels | Original: advisory advisory-to-release bugbounty cvss-medium security sxss xss | New: advisory advisory-to-release bugbounty cve-2020-4013 cvss-medium security sxss xss |