exploitDog

GHSA-w37q-9jx3-6cgj

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.

The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.

Ссылки

EPSS

Процентиль: 41%

0.00196

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-14587

CVSS3: 5.4

nvd

больше 8 лет назад

The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.

EPSS

Процентиль: 41%

0.00196

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79