CVE-2017-18089Cross-site Scripting in Atlassian Crucible

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 60.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Crucible
Timeline
PublishedFeb 16
Latest updateMay 14

Description

The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDatlassian/crucible4.4.04.4.3
CVEListV5atlassian/crucibleprior to 4.4.3, prior to 4.5.0+1

🔴Vulnerability Details

2
GHSA
GHSA-2fwm-m84p-x5qh: The view review history resource in Atlassian Crucible before version 42022-05-14
CVEList
CVE-2017-18089: The view review history resource in Atlassian Crucible before version 42018-02-16
CVE-2017-18089 — Cross-site Scripting in Atlassian | cvebase