CVE-2018-13392
published 2018-08-13CVE-2018-13392: Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | crucible | < 4.6.0 | 4.6.0 |
| atlassian | fisheye | < 4.6.0 | 4.6.0 |
| atlassian | fisheye_and_crucible | >= unspecified < 4.6.0 | 4.6.0 |