CVE-2018-20240
published 2019-02-20
Severity: medium, 4.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | crucible | < 4.7.0 | 4.7.0 |
| atlassian | fisheye | < 4.7.0 | 4.7.0 |
| atlassian | fisheye_and_crucible | >= unspecified < 4.7.0 | 4.7.0 |