Cross-Site Scripting Vulnerability in Atlassian Crucible
CVE-2017-9507

5.4MEDIUM

Key Information:

Vendor: Atlassian
Status: Atlassian Crucible
Vendor: CVE Published:; 24 August 2017

Summary

A vulnerability in the review dashboard resource of Atlassian Crucible allows remote attackers to exploit cross-site scripting (XSS). This occurs due to improper handling of the review filter title parameter, enabling attackers to inject arbitrary HTML or JavaScript code. Successful exploitation can lead to unauthorized actions against users or even hijacking of sessions, posing significant risks to application security.

Affected Version(s)

Atlassian Crucible From version 4.1.0 before version 4.4.1.

References

https://jira.atlassian.com/browse/CRUC-8043

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 24, 2017
Vulnerability Reserved
Jun 7, 2017