Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible
CVE-2017-18091 · LOW Severity
AV:N/AC:M/AU:S/C:N/I:P/A:N
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.
Learn more about our Web Application Penetration Testing UK.