CVE-2018-13388
published 2018-07-10CVE-2018-13388: The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a…
medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | crucible | < 4.5.3 | 4.5.3 |
| atlassian | fisheye | < 4.5.3 | 4.5.3 |
| atlassian | fisheye_and_crucible | >= unspecified < 4.5.3 | 4.5.3 |