CVE-2018-13392

Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.
References
Link Resource
https://jira.atlassian.com/browse/FE-7081 Issue Tracking Third Party Advisory
https://jira.atlassian.com/browse/CRUC-8304 Issue Tracking Vendor Advisory
http://www.securityfocus.com/bid/105096 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*

Information

Published : 2018-08-13 01:29

Updated : 2018-10-10 04:24


NVD link : CVE-2018-13392

Mitre link : CVE-2018-13392

Products Affected
No products.
CWE