
XSS in the review resource through objectives - CVE-2020-4013

      The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the review objectives.

            [FE-7282] XSS in the review resource through objectives - CVE-2020-4013

            Marek Parfianowicz made changes -
            Labels Original: advisory advisory-released bugbounty cve-2020-4013 cvss-medium release-48x release-490 security sxss xss New: advisory advisory-released bugbounty cve-2020-4013 cvss-medium release-48x security sxss xss
            Marek Parfianowicz made changes -
            Labels Original: advisory advisory-released bugbounty cve-2020-4013 cvss-medium release-490 security sxss xss New: advisory advisory-released bugbounty cve-2020-4013 cvss-medium release-48x release-490 security sxss xss
            Marek Parfianowicz made changes -
            Labels Original: advisory advisory-released bugbounty cve-2020-4013 cvss-medium security sxss xss New: advisory advisory-released bugbounty cve-2020-4013 cvss-medium release-490 security sxss xss
            Marek Parfianowicz made changes -
            Fix Version/s Original: 4.9.0 [ 90694 ]
            AB made changes -
            Fix Version/s New: 4.8.3 [ 91929 ]
            Erin Jensby made changes -
            Labels Original: advisory advisory-to-release bugbounty cve-2020-4013 cvss-medium security sxss xss New: advisory advisory-released bugbounty cve-2020-4013 cvss-medium security sxss xss
            Erin Jensby made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Needs Triage [ 10030 ] New: Closed [ 6 ]
            Erin Jensby made changes -
            Labels Original: advisory advisory-to-release bugbounty cvss-medium security sxss xss New: advisory advisory-to-release bugbounty cve-2020-4013 cvss-medium security sxss xss
            Erin Jensby made changes -
            Summary Original: XSS in Code reviews - CVE-PENDING New: XSS in the review resource through objectives - CVE-2020-4013
            Erin Jensby made changes -
            Description Original: Component in Atlassian Fisheye Crucible Development from version 4.8.0 before version 4.8.1 and before version 4.9.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in VULN_INFO. New: The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot