Описание
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:atlassian:crucible:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crucible:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:fisheye:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:fisheye:4.4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00223
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
EPSS
Процентиль: 45%
0.00223
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79