Description
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.
References
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 4.4.0 (inclusive) up to 4.4.3 (exclusive)
cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
Configuration 2: versions from 4.4.0 (inclusive) up to 4.4.3 (exclusive)
cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
EPSS
Percentile: 39%
0.00177
Low
CVSS3: 4.8 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 4.8
github
more than 3 years ago
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.