Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-7000

XSS in various resources through the name of a commit author - CVE-2017-18090

    XMLWordPrintable

    Details

      Description

      Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            security-metrics-bot SecurityB
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: