- Bug
- Resolution: Fixed
- Medium
- None
- None
- Severity 2 - Major
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.
[FE-7000] XSS in various resources through the name of a commit author - CVE-2017-18090
Workflow | Original: FE-CRUC Bug Workflow [ 2944986 ] | New: JAC Bug Workflow v3 [ 2957290 ] |
Workflow | Original: FECRU Development Workflow - Triage - Restricted [ 2594847 ] | New: FE-CRUC Bug Workflow [ 2944986 ] |
Link | New: This issue is related to FE-7005 [ FE-7005 ] |
Link | Original: This issue was cloned as FE-7005 [ FE-7005 ] |
Link | New: This issue was cloned as FE-7005 [ FE-7005 ] |
Security | Original: Reporter and Atlassian Staff [ 10751 ] |
Labels | Original: CVE-2017-18090 advisory advisory-to-release bugbounty cvss-medium security xss | New: CVE-2017-18090 advisory advisory-released bugbounty cvss-medium security xss |
Priority | Original: Low [ 4 ] | New: Medium [ 3 ] |
Summary | Original: CVE-2017-18090 | New: XSS in various resources through the name of a commit author - CVE-2017-18090 |
Description | Original: Various resources in Atlassian Fisheye before version 4.5.1 and before version 4.6.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in VULN_INFO. | New: Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author. |