Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-6935

XSS in various resources through the dialog parameter - CVE-2017-14588

XMLWordPrintable

      Various resources in Atlassian FishEye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.

            [FE-6935] XSS in various resources through the dialog parameter - CVE-2017-14588

            Security Metrics Bot added a comment -

            This is an independent assessment and you should evaluate its applicability to your own IT environment.
            CVSS v3 score: 6.1 => Medium severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required None
            User Interaction Required

            Scope Metric

            Scope Changed

            Impact Metrics

            Confidentiality Low
            Integrity Low
            Availability None

            Security Metrics Bot added a comment - This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 6.1 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required None User Interaction Required Scope Metric Scope Changed Impact Metrics Confidentiality Low Integrity Low Availability None

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: