Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible

CVE-2017-18091 · LOW Severity

CVSS v2 vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the filename of a backup.
