CVE-2018-5229

5.4MEDIUM

Key Information:

Vendor: Atlassian
Status: Universal Plugin Manager
Vendor: CVE Published:; 16 July 2018

Summary

The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.

Affected Version(s)

Universal Plugin Manager < 2.22.9

References

https://ecosystem.atlassian.net/browse/UPM-5871

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 16, 2018
Vulnerability Reserved
Jan 5, 2018