- Bug
- Resolution: Fixed
- Medium
- None
- None
- Severity 3 - Minor
The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.
[FE-6890] Reflected XSS in the repository changelog resource through the start date and end date filter parameters - CVE-2017-9510
Workflow | Original: FE-CRUC Bug Workflow [ 2943699 ] | New: JAC Bug Workflow v3 [ 2956478 ] |
Workflow | Original: FECRU Development Workflow - Triage - Restricted [ 2409596 ] | New: FE-CRUC Bug Workflow [ 2943699 ] |
Remote Link | Original: This issue links to "Page (Extranet)" [ 314337 ] |
Labels | Original: advisory-released cvss-medium security xss | New: CVE-2017-9510 advisory-released cvss-medium security xss |
Summary | Original: Reflected XSS in the repository commit changelog resource through a filter parameter. | New: Reflected XSS in the repository changelog resource through the start date and end date filter parameters - CVE-2017-9510 |
Priority | Original: Low [ 4 ] | New: Medium [ 3 ] |
Description | Original: There is a reflected XSS in the repository commit changelog resource through a filter parameter. | New: The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. |
Description | Original: There is a reflected XSS in the parameter of the commit filter. | New: There is a reflected XSS in the repository commit changelog resource through a filter parameter. |
Summary | Original: Reflected XSS in the parameter of the commit filter | New: Reflected XSS in the repository commit changelog resource through a filter parameter. |
Remote Link | New: This issue links to "Page (Extranet)" [ 314337 ] |