[FE-6935] XSS in various resources through the dialog parameter - CVE-2017-14588 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.4.2, 4.5.0
Affects Version/s: None
Component/s: None
Labels:
- CVE-2017-14588
- advisory
- advisory-released
- bugbounty
- cvss-medium
- rxss
- security
- xss

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Various resources in Atlassian FishEye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.

was cloned as

CRUC-8113 XSS in various resources through the dialog parameter - CVE-2017-14588

Closed

Owen made changes - 16/Oct/2018 8:16 AM

Workflow

Original: FE-CRUC Bug Workflow [ 2944793 ]

New: JAC Bug Workflow v3 [ 2956809 ]

Owen made changes - 16/Oct/2018 4:43 AM

Workflow

Original: FECRU Development Workflow - Triage - Restricted [ 2448984 ]

New: FE-CRUC Bug Workflow [ 2944793 ]

David Black made changes - 16/Jan/2018 2:22 AM

Comment

[ A comment with security level 'atlassian-staff' was removed. ]

Owen made changes - 16/Jan/2018 2:12 AM

Comment

[ ^"><img src=x onerror=prompt(document.cookie);> ``.txt ]

David Black made changes - 11/Oct/2017 1:44 AM

Link

New: This issue was cloned as ~~FE-6936~~ [ ~~FE-6936~~ ]

David Black made changes - 11/Oct/2017 1:44 AM

Summary

Original: XSS in the various resources through the dialog parameter - CVE-2017-14588

New: XSS in various resources through the dialog parameter - CVE-2017-14588

David Black made changes - 11/Oct/2017 1:44 AM

Labels

Original: advisory advisory-to-release bugbounty cvss-medium rxss security xss

New: CVE-2017-14588 advisory advisory-released bugbounty cvss-medium rxss security xss

David Black made changes - 11/Oct/2017 1:43 AM

Summary

Original: Sanitised security issue 8ffa6c926cf910ee9866ccfcda01d82206df1e9483bb1f6b54da72ed02c789a4

New: XSS in the various resources through the dialog parameter - CVE-2017-14588

David Black made changes - 11/Oct/2017 1:43 AM

Complexity		New: Unknown [ 10450 ]
Fix Version/s		New: 4.5.0 [ 71891 ]
Fix Version/s		New: 4.4.2 [ 72094 ]
Fix Version/s	Original: 4.4.2 [ 72351 ]
Fix Version/s	Original: 4.5.0 [ 72352 ]
Key	Original: ~~FECRU-7337~~	New: ~~FE-6935~~
Symptom Severity		New: Major [ 14431 ]
Value		New: Unknown [ 10456 ]
Workflow	Original: FECRU Development Workflow [ 2449075 ]	New: FECRU Development Workflow - Triage - Restricted [ 2448984 ]
Project	Original: FishEye Crucible Development [ 12300 ]	New: FishEye [ 11830 ]

David Black made changes - 11/Oct/2017 1:42 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Closed [ 6 ]

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 11/Oct/2017 1:35 AM

Updated:: 16/Jan/2018 2:22 AM

Resolved:: 11/Oct/2017 1:42 AM

Details

Description

Attachments

Issue Links

Forms

Activity

[FE-6935] XSS in various resources through the dialog parameter - CVE-2017-14588

People

Dates