
XSS vulnerability in user's profile display name

      We have identified and fixed a stored cross-site scripting (XSS) vulnerability in the FishEye user profile. Affected versions are all versions earlier than 2.5.5.

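      XSS vulnerabilities allow an attacker to embed their own JavaScript into a FishEye page. You can read more about XSS attacks at various places on the web, including these:

      * cgisecurity.com: http://www.cgisecurity.com/articles/xss-faq.shtml
      * The Web Application Security Consortium: http://projects.webappsec.org/Cross-Site+Scripting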

      This issue is reported in our security advisory on this page:
      https://confluence.atlassian.com/x/gAjSEQ

            [FE-3797] XSS vulnerability in user's profile display name

            Owen made changes -
            Workflow Original: FE-CRUC Bug Workflow [ 2944370 ] New: JAC Bug Workflow v3 [ 2958586 ]
            Owen made changes -
            Workflow Original: FECRU Development Workflow - Triage - Restricted [ 1518279 ] New: FE-CRUC Bug Workflow [ 2944370 ]
            Owen made changes -
            Workflow Original: FECRU Development Workflow - Triage [ 940967 ] New: FECRU Development Workflow - Triage - Restricted [ 1518279 ]
            Security Metrics Bot made changes -
            Labels Original: advisory security New: advisory cvss-high security
            Piotr Swiecicki made changes -
            Workflow Original: FECRU Development Workflow (Triage) [ 351454 ] New: FECRU Development Workflow - Triage [ 940967 ]
            David Black made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Open [ 1 ] New: Closed [ 6 ]
            David Black made changes -
            Description Original: We have identified and fixed a stored cross-site scripting (XSS) vulnerability in the FishEye user profile. Affected versions are all versions earlier than 2.5.5

            XSS vulnerabilities allow an attacker to embed their own JavaScript into a FishEye page. You can read more about XSS attacks at various places on the web, including these:

            * cgisecurity.com: http://www.cgisecurity.com/articles/xss-faq.shtml
            * The Web Application Security Consortium: http://projects.webappsec.org/Cross-Site+Scripting

            This issue is reported in our security advisory on this page:
            http://confluence.atlassian.com/x/dQH6Dw
            New: We have identified and fixed a stored cross-site scripting (XSS) vulnerability in the FishEye user profile. Affected versions are all versions earlier than 2.5.5

            XSS vulnerabilities allow an attacker to embed their own JavaScript into a FishEye page. You can read more about XSS attacks at various places on the web, including these:

            * cgisecurity.com: http://www.cgisecurity.com/articles/xss-faq.shtml
            * The Web Application Security Consortium: http://projects.webappsec.org/Cross-Site+Scripting

            This issue is reported in our security advisory on this page:
            https://confluence.atlassian.com/x/gAjSEQ
            David Black made changes -
            Resolution Original: Fixed [ 1 ]
            Status Original: Closed [ 6 ] New: Open [ 1 ]
            VitalyA made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Needs Triage [ 10030 ] New: Closed [ 6 ]
            paulwatson (Inactive) made changes -
            Security Original: Reporters and Developers [ 10090 ]

              vosipov VitalyA
              pwatson paulwatson (Inactive)