CVE-2018-13388

The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
References
Link Resource
https://jira.atlassian.com/browse/FE-7059 Issue Tracking Patch
https://jira.atlassian.com/browse/CRUC-8209 Issue Tracking Patch
http://www.securityfocus.com/bid/104717 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*

Information

Published : 2018-07-10 01:29

Updated : 2018-09-04 05:32


NVD link : CVE-2018-13388

Mitre link : CVE-2018-13388

Products Affected
No products.
CWE