Description
We have identified and fixed a cross-site scripting (XSS) vulnerability in FishEye's revision ID parameters on annotated views. This affects FishEye 2.3.0 to 2.3.6 inclusive.
- An attacker might take advantage of an XSS vulnerability to steal the current session of a logged-in user.
- XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye page. An attacker's text and script might be displayed to other people viewing the page.
This issue is reported in our security advisory on this page:
http://confluence.atlassian.com/x/uwJrDQ
You can read more about XSS attacks at cgisecurity, CERT and other places on the web: