CVE-2017-18093
Last modified
CVE-2017-18093 is a vulnerability of currently unknown severity. Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.. EPSS estimates a 0.89% chance of exploitation in the next 30 days.
Description
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Fisheye | >= 4.4.0, < 4.4.3 |
| Atlassian | Crucible | >= 4.4.0, < 4.4.3 |
References
- http://www.securityfocus.com/bid/103095Third Party Advisory, VDB Entry
- https://jira.atlassian.com/browse/CRUC-8175Vendor Advisory
- https://jira.atlassian.com/browse/FE-7008Vendor Advisory
- http://www.securityfocus.com/bid/103095Third Party Advisory, VDB Entry
- https://jira.atlassian.com/browse/CRUC-8175Vendor Advisory
- https://jira.atlassian.com/browse/FE-7008Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-18093?
How severe is CVE-2017-18093?
How do I fix CVE-2017-18093?
Are you affected by CVE-2017-18093?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST