Cross-Site Scripting Flaw in Atlassian Fisheye and Crucible Software
CVE-2019-15008
6.1MEDIUM
What is CVE-2019-15008?
A security flaw in the /plugins/servlet/branchreview resource of Atlassian Fisheye and Crucible allows attackers to conduct Cross-Site Scripting attacks by injecting malicious HTML or JavaScript through the manipulated reviewedBranch parameter. This vulnerability poses a significant risk to users, potentially leading to unauthorized access and manipulation of sensitive data.
Affected Version(s)
Crucible < 4.7.3
Fisheye < 4.7.3