Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-7161

XSS in the listApplicationLinks resource of the Application links plugin - CVE-2018-20239

XMLWordPrintable

      The version of the Application Links plugin used in Fisheye before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. See https://ecosystem.atlassian.net/browse/APL-1373 for more details.

            [FE-7161] XSS in the listApplicationLinks resource of the Application links plugin - CVE-2018-20239

            Anonymous made changes -
            Remote Link Original: This issue links to "APL-1373 (Ecosystem Jira)" [ 421476 ] New: This issue links to "APL-1373 (Ecosystem JIRA)" [ 421476 ]
            Anonymous made changes -
            Remote Link Original: This issue links to "APL-1373 (Ecosystem Jira)" [ 421476 ] New: This issue links to "APL-1373 (Ecosystem JIRA)" [ 421476 ]
            Marek Parfianowicz made changes -
            Component/s New: Integrations [ 12293 ]
            Component/s Original: Integration [ 14591 ]
            David Black made changes -
            Labels Original: CVE-2018-20239 cvss-medium security xss New: CVE-2018-20239 advisory advisory-released cvss-medium patch-management security xss
            David Black made changes -
            Summary Original: XSS in Application Links through the applinkStartingUrl parameter - CVE-2018-20239 New: XSS in the listApplicationLinks resource of the Application links plugin - CVE-2018-20239
            David Black made changes -
            Remote Link New: This issue links to "APL-1373 (Ecosystem Jira)" [ 421476 ]
            David Black made changes -
            Security Original: Atlassian Staff [ 10750 ]
            David Black made changes -
            Labels Original: cvss-medium security xss New: CVE-2018-20239 cvss-medium security xss
            David Black made changes -
            Link New: This issue relates to CRUC-8379 [ CRUC-8379 ]
            David Black made changes -
            Description Original: The version of the Application Links plugin used in Atlassian Fisheye Crucible Development before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. See https://ecosystem.atlassian.net/browse/APL-1373 for more details. New: The version of the Application Links plugin used in Fisheye before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. See https://ecosystem.atlassian.net/browse/APL-1373 for more details.

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: