Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-7000

XSS in various resources through the name of a commit author - CVE-2017-18090

    XMLWordPrintable

    Details

      Description

      Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              security-metrics-bot SecurityB
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Last commented:
                1 year, 20 weeks, 3 days ago