Vulnerability in Atlassian Fisheye And Crucible
CVE-2017-18034
The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (X…
EPSS: 0.001 (33.9th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Fisheye And Crucible — versions prior to 4.5.1 and 4.6.0
References
- jira.atlassian.com/browse/FE-6994 (x_refsource_CONFIRM)
- jira.atlassian.com/browse/CRUC-8161 (x_refsource_CONFIRM)