CVE-2019-15008
published 2019-12-11CVE-2019-15008: The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | crucible | < 4.7.3 | 4.7.3 |
| atlassian | crucible | >= unspecified < 4.7.3 | 4.7.3 |
| atlassian | fisheye | < 4.7.3 | 4.7.3 |
| atlassian | fisheye | >= unspecified < 4.7.3 | 4.7.3 |