Vulnerability in Atlassian Bamboo
CVE-2017-18081
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.
EPSS: 0.002 (40.6th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Bamboo — versions prior to 6.3.1
References
- jira.atlassian.com/browse/BAM-19665 (x_refsource_CONFIRM)
- 103087 (vdb-entry, x_refsource_BID)