Cross-Site Scripting Vulnerability in Atlassian Fisheye and Crucible
CVE-2017-9508

5.4MEDIUM

Key Information:

Vendor
Atlassian
Status
Atlassian Fisheye And Crucible
Vendor
CVE Published:
24 August 2017

Summary

Atlassian Fisheye and Crucible versions prior to 4.4.1 are susceptible to a cross-site scripting vulnerability. This flaw allows remote attackers to inject arbitrary HTML or JavaScript code by manipulating the name of a repository or review file. If exploited, attackers could potentially execute malicious scripts in the context of the user's session, leading to unauthorized actions or data exposure.

Affected Version(s)

Atlassian Fisheye and Crucible All versions prior to version 4.4.1

References

https://jira.atlassian.com/browse/CRUC-8044
x_refsource_MISC
https://jira.atlassian.com/browse/FE-6898
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.