CVE-2017-18091
N/A
N/A
Summary
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Fisheye and Crucible | prior to 4.4.3 | affected |
| Atlassian | Fisheye and Crucible | prior to 4.5.0 | affected |
Weaknesses
- Cross Site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://jira.atlassian.com/browse/FE-7006
- https://jira.atlassian.com/browse/CRUC-8173
- http://www.securityfocus.com/bid/103079
References
- https://jira.atlassian.com/browse/FE-7006
- https://jira.atlassian.com/browse/CRUC-8173
- http://www.securityfocus.com/bid/103079
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.