CVE-2017-14588

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.2%
top 52.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian CrucibleAtlassian FisheyeAtlassian Atlassian Fisheye AND Crucible
Timeline
PublishedOct 11
Latest updateMay 13

Description

Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

CVEListV5atlassian/atlassian_fisheye_and_crucibleAll versions prior to version 4.4.2

🔴Vulnerability Details

2
GHSA
GHSA-frqp-667v-9r36: Various resources in Atlassian Fisheye and Crucible before version 42022-05-13
CVEList
CVE-2017-14588: Various resources in Atlassian Fisheye and Crucible before version 42017-10-11
CVE-2017-14588 (MEDIUM CVSS 6.1) | Various resources in Atlassian Fish | cvebase.io