Description
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the base path setting of a configured file system repository.
References
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version from 4.4.0 (inclusive) to 4.4.3 (exclusive)
One of
cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:fisheye:4.5.0:*:*:*:*:*:*:*
Configuration 2
Version from 4.4.0 (inclusive) to 4.4.3 (exclusive)
One of
cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crucible:4.5.0:*:*:*:*:*:*:*
EPSS
Percentile: 35%
0.00148
Low
4.8 Medium
CVSS3
3.5 Low
CVSS2
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 4.8
github
more than 3 years ago
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the base path setting of a configured file system repository.