CVE-2017-18034
Published: Feb 2, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability via a specially crafted repository branch name when trying to display deleted files of the branch.
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Fisheye and Crucible | affected prior to 4.5.1 and 4.6.0 |
References
https://jira.atlassian.com/browse/FE-6994
x_refsource_CONFIRM
https://jira.atlassian.com/browse/CRUC-8161
x_refsource_CONFIRM