The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Atlassian

Fisheye and Crucible

Affected Versions:

prior to 4.4.3 prior to 4.5.0

References

https://jira.atlassian.com/browse/FE-7006

https://jira.atlassian.com/browse/CRUC-8173

http://www.securityfocus.com/bid/103079

Published: 2018-02-16T18:00:00Z

Last Modified: 2024-09-16T20:22:54.697Z

Copied to clipboard!