CVE-2017-9507Cross-site Scripting in Atlassian Crucible

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 51.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian CrucibleAtlassian FisheyeAtlassian Crucible
Timeline
PublishedAug 24
Latest updateMay 14

Description

The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

CVEListV5atlassian/atlassian_crucibleFrom version 4.1.0 before version 4.4.1.

🔴Vulnerability Details

2
GHSA
GHSA-8gv2-v57r-f43p: The review dashboard resource in Atlassian Crucible from version 42022-05-14
CVEList
CVE-2017-9507: The review dashboard resource in Atlassian Crucible from version 42017-08-24
CVE-2017-9507 — Cross-site Scripting in Atlassian | cvebase