-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Low
-
Resolution: Fixed
-
Affects Version/s: 4.6.1
-
Fix Version/s: 4.7.0
-
Component/s: None
-
Symptom Severity:Severity 2 - Major
-
Bug Fix Policy:
The Edit upload resource for a review in Atlassian Fisheye before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
- is related to
-
CRUC-8380 XSS in edit upload for a review through the wbuser parameter - CVE-2018-20241
-
- Closed
-