exploitDog

CVE-2017-18089

Опубликовано: 16 фев. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.

Ссылки

http://www.securityfocus.com/bid/103075
Third Party Advisory
VDB Entry
https://jira.atlassian.com/browse/CRUC-8169
Vendor Advisory
http://www.securityfocus.com/bid/103075
Third Party Advisory
VDB Entry
https://jira.atlassian.com/browse/CRUC-8169
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*

Версия от 4.4.0 (включая) до 4.4.3 (исключая)

EPSS

Процентиль: 40%

0.0018

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2fwm-m84p-x5qh

CVSS3: 5.4

github

больше 3 лет назад

The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.

EPSS

Процентиль: 40%

0.0018

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79