-
Bug
-
Resolution: Fixed
-
Medium
-
4.6.0, 4.7.0, 4.8.0
-
Severity 2 - Major
-
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter.
Affected versions:
- version < 4.8.2
Fixed versions:
- 4.8.2
- 4.9.0
- relates to
-
CRUC-8482 XSS in the review coverage resource through the committerFilter parameter- CVE-2020-4023
- Closed