CVE-2017-18093

CVE Database · CVE-2017-18093

CVE-2017-18093

· N/AModified

CVSS v3.1

N/A

EPSS

0.89%

Published

Feb 19, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.

Weaknesses (CWE)

CWE-79

Affected Products (2)

atlassian · fisheye (up to 4.4.3)vulnerable

atlassian · crucible (up to 4.4.3)vulnerable

References (6)

http://www.securityfocus.com/bid/103095

Third Party AdvisoryVDB Entry

https://jira.atlassian.com/browse/CRUC-8175

Vendor Advisory

https://jira.atlassian.com/browse/FE-7008

Vendor Advisory