CVE-2018-20241

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 58.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Fisheye AND CrucibleAtlassian CrucibleAtlassian Fisheye
Timeline
PublishedFeb 20
Latest updateMay 14

Description

The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

CVEListV5atlassian/fisheye_and_crucibleunspecified4.7.0
NVDatlassian/fisheye< 4.7.0
NVDatlassian/crucible< 4.7.0

🔴Vulnerability Details

2
GHSA
GHSA-767r-86pw-rj9x: The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 42022-05-14
CVEList
CVE-2018-20241: The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 42019-02-20
CVE-2018-20241 (MEDIUM CVSS 5.4) | The Edit upload resource for a revi | cvebase.io