CVE-2019-15007
published 2019-12-11CVE-2019-15007: The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site…
medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | crucible | < 4.7.3 | 4.7.3 |
| atlassian | crucible | >= unspecified < 4.7.3 | 4.7.3 |
| atlassian | fisheye | < 4.7.3 | 4.7.3 |
| atlassian | fisheye | >= unspecified < 4.7.3 | 4.7.3 |