XSS to RCE on Atlassian Crucible

    • Type: Public Security Vulnerability
    • Resolution: Fixed
    • Priority: Low
    • 4.8.12
    • Affects Version/s: 4.8.12
    • Component/s: None
    • None
    • 6.4
    • Medium

      Crucible server is vulnerable to stored XSS via file upload within a certain endpoint. A malicious, authenticated user with the ability to modify reviews can upload a malicious PHP file with an XSS payload.

              Assignee:
              Unassigned
              Reporter:
              Serhii Lisovskyi (Inactive)
              Votes:
              0
              Watchers:
              1

                Created:
                Updated:
                Resolved: