Vulnerability in Atlassian Fisheye And Crucible
CVE-2018-20241
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
EPSS: 0.002 (41.4th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Fisheye And Crucible — versions unspecified
References
- 107128 (vdb-entry, x_refsource_BID)
- jira.atlassian.com/browse/CRUC-8380 (x_refsource_CONFIRM)
- jira.atlassian.com/browse/FE-7162 (x_refsource_CONFIRM)