CVE-2017-18090

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 54.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Fisheye

Timeline

PublishedFeb 16

Latest updateMay 14

Description

Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5atlassian/fisheyeprior to 4.5.1, prior to 4.6.0+1

▶NVDatlassian/fisheye4.5.0

🔴Vulnerability Details

GHSA

GHSA-76h4-p844-g65h: Various resources in Atlassian Fisheye before version 4↗2022-05-14

▶

CVEList

CVE-2017-18090: Various resources in Atlassian Fisheye before version 4↗2018-02-16

▶