CVE-2018-13392

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.5%
top 34.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Fisheye AND CrucibleAtlassian CrucibleAtlassian Fisheye
Timeline
PublishedAug 13
Latest updateMay 14

Description

Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

CVEListV5atlassian/fisheye_and_crucibleunspecified4.6.0
NVDatlassian/fisheye< 4.6.0
NVDatlassian/crucible< 4.6.0

🔴Vulnerability Details

2
GHSA
GHSA-7rgg-pch4-83jc: Several resources in Atlassian Fisheye and Crucible before version 42022-05-14
CVEList
CVE-2018-13392: Several resources in Atlassian Fisheye and Crucible before version 42018-08-13
CVE-2018-13392 (MEDIUM CVSS 6.1) | Several resources in Atlassian Fish | cvebase.io