CVE-2017-9508

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 55.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Atlassian Fisheye AND CrucibleAtlassian CrucibleAtlassian Fisheye
Timeline
PublishedAug 24
Latest updateMay 13

Description

Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

CVEListV5atlassian/atlassian_fisheye_and_crucibleAll versions prior to version 4.4.1
NVDatlassian/fisheye4.3.1, 4.4.0+1
NVDatlassian/crucible4.3.1, 4.4.0+1

🔴Vulnerability Details

2
GHSA
GHSA-v6pq-6x5h-jcmq: Various resources in Atlassian Fisheye and Crucible before version 42022-05-13
CVEList
CVE-2017-9508: Various resources in Atlassian Fisheye and Crucible before version 42017-08-24
CVE-2017-9508 (MEDIUM CVSS 5.4) | Various resources in Atlassian Fish | cvebase.io