Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-3798

XSS vulnerability in a user's comment

XMLWordPrintable

      We have identified and fixed a stored cross-site scripting (XSS) vulnerability in the FishEye user profile. Affected versions are all versions earlier than 2.5.5

      XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:

      This issue is reported in our security advisory on this page:
      https://confluence.atlassian.com/x/gAjSEQ

            [FE-3798] XSS vulnerability in a user's comment

            Owen made changes -
            Workflow Original: FE-CRUC Bug Workflow [ 2942517 ] New: JAC Bug Workflow v3 [ 2958274 ]
            Owen made changes -
            Workflow Original: FECRU Development Workflow - Triage - Restricted [ 1515339 ] New: FE-CRUC Bug Workflow [ 2942517 ]
            Piotr Swiecicki made changes -
            Comment [ nice work. keep it up for any query related to support number visit our website.

            [http://supportnumbers.net|http://supportnumbers.net/] ]
            Owen made changes -
            Workflow Original: FECRU Development Workflow - Triage [ 940965 ] New: FECRU Development Workflow - Triage - Restricted [ 1515339 ]
            Security Metrics Bot made changes -
            Labels Original: advisory security New: advisory cvss-high security
            Piotr Swiecicki made changes -
            Workflow Original: FECRU Development Workflow (Triage) [ 351455 ] New: FECRU Development Workflow - Triage [ 940965 ]
            David Black made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Open [ 1 ] New: Closed [ 6 ]
            David Black made changes -
            Description Original: We have identified and fixed a stored cross-site scripting (XSS) vulnerability in the FishEye user profile. Affected versions are all versions earlier than 2.5.5

            XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:

            * cgisecurity.com: http://www.cgisecurity.com/articles/xss-faq.shtml
            * The Web Application Security Consortium: http://projects.webappsec.org/Cross-Site+Scripting

            This issue is reported in our security advisory on this page:
            http://confluence.atlassian.com/x/dQH6Dw
            		New: We have identified and fixed a stored cross-site scripting (XSS) vulnerability in the FishEye user profile. Affected versions are all versions earlier than 2.5.5

            XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:

            * cgisecurity.com: http://www.cgisecurity.com/articles/xss-faq.shtml
            * The Web Application Security Consortium: http://projects.webappsec.org/Cross-Site+Scripting

            This issue is reported in our security advisory on this page:
            https://confluence.atlassian.com/x/gAjSEQ
            David Black made changes -
            Resolution Original: Fixed [ 1 ]
            Status Original: Closed [ 6 ] New: Open [ 1 ]
            VitalyA made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Needs Triage [ 10030 ] New: Closed [ 6 ]

              vosipov VitalyA
              pwatson paulwatson (Inactive)
              Affected customers:
              0 This affects my team
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: