Vulnerability in Atlassian Fisheye And Crucible

CVE-2018-5228

The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.

EPSS: 0.003 (50.2th percentile) — read the EPSS interpretation.

Affected products

Atlassian Fisheye And Crucible — versions unspecified

References

jira.atlassian.com/browse/FE-7035 (x_refsource_CONFIRM)
104006 (vdb-entry, x_refsource_BID)
jira.atlassian.com/browse/CRUC-8201 (x_refsource_CONFIRM)