CVE-2017-18092 — Cross-site Scripting in Atlassian Crucible

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 60.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Crucible

Timeline

PublishedFeb 19

Latest updateMay 14

Description

The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDatlassian/crucible< 4.4.3

▶CVEListV5atlassian/crucibleprior to 4.4.3, prior to 4.5.0+1

🔴Vulnerability Details

GHSA

GHSA-4r7x-c2f7-5gfh: The print snippet resource in Atlassian Crucible before version 4↗2022-05-14

▶

CVEList

CVE-2017-18092: The print snippet resource in Atlassian Crucible before version 4↗2018-02-19

▶