Cross-Site Scripting Vulnerability in Atlassian Fisheye and Crucible
CVE-2017-14588

6.1MEDIUM

Key Information:

Vendor
Atlassian
Status
Atlassian Fisheye And Crucible
Vendor
CVE Published:
10 October 2017

Summary

Multiple resources in Atlassian Fisheye and Crucible prior to version 4.4.2 are susceptible to a cross-site scripting vulnerability. This issue allows remote attackers to inject arbitrary HTML or JavaScript into the application by manipulating the dialog parameter, potentially leading to unauthorized actions on behalf of users.

Affected Version(s)

Atlassian Fisheye and Crucible All versions prior to version 4.4.2

References

http://www.securityfocus.com/bid/101268
vdb-entryx_refsource_BID
https://jira.atlassian.com/browse/FE-6935
x_refsource_MISC
https://jira.atlassian.com/browse/CRUC-8113
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.