CVE-2011-4822: XSS
First published: Thu Dec 15 2011(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian FishEye | =2.4.6 | |
| Atlassian FishEye | =2.0-beta2 | |
| Atlassian FishEye | =2.5.1 | |
| Atlassian FishEye | =2.1.2 | |
| Atlassian FishEye | =2.3.5 | |
| Atlassian FishEye | =2.0.1 | |
| Atlassian FishEye | =2.1.0 | |
| Atlassian FishEye | =2.4.4 | |
| Atlassian FishEye | =2.5.4 | |
| Atlassian FishEye | =2.3.7 | |
| Atlassian FishEye | =2.2.0 | |
| Atlassian FishEye | =2.3.2 | |
| Atlassian FishEye | =2.4.5 | |
| Atlassian FishEye | =2.1.4 | |
| Atlassian FishEye | =2.0-beta3 | |
| Atlassian FishEye | =1.6.3 | |
| Atlassian FishEye | =2.1.1 | |
| Atlassian FishEye | =1.5.1 | |
| Atlassian FishEye | =1.5.3 | |
| Atlassian FishEye | =1.6.6 | |
| Atlassian FishEye | =2.0.3 | |
| Atlassian FishEye | =2.3.8 | |
| Atlassian FishEye | =2.5.0 | |
| Atlassian FishEye | =2.3.4 | |
| Atlassian FishEye | =1.5.0 | |
| Atlassian FishEye | =1.6.5.a | |
| Atlassian FishEye | =1.6.1 | |
| Atlassian FishEye | =2.4.1 | |
| Atlassian FishEye | =2.0.4 | |
| Atlassian FishEye | =1.6.4 | |
| Atlassian FishEye | =1.4.1 | |
| Atlassian FishEye | =1.5.4 | |
| Atlassian FishEye | =2.4.3 | |
| Atlassian FishEye | =1.4.3 | |
| Atlassian FishEye | =1.3 | |
| Atlassian FishEye | =2.1.3 | |
| Atlassian FishEye | =1.6.0 | |
| Atlassian FishEye | =2.0.2 | |
| Atlassian FishEye | =2.5.2 | |
| Atlassian FishEye | =1.4.2 | |
| Atlassian FishEye | =2.4.0 | |
| Atlassian FishEye | =2.3.1 | |
| Atlassian FishEye | =2.2.3 | |
| Atlassian FishEye | =2.0.6 | |
| Atlassian FishEye | =1.6.2 | |
| Atlassian FishEye | =2.3.3 | |
| Atlassian FishEye | =2.3.6 | |
| Atlassian FishEye | =2.5.3 | |
| Atlassian FishEye | =2.0-beta | |
| Atlassian FishEye | =2.3.0 | |
| Atlassian FishEye | =2.4.2 | |
| Atlassian FishEye | =2.0 | |
| Atlassian FishEye | =2.2.1 | |
| Atlassian FishEye | =1.5.2 | |
| Atlassian FishEye | =1.4 | |
| Atlassian FishEye | =2.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/46975
- http://www.securityfocus.com/bid/50762
- http://osvdb.org/77264
- http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-11-22
- https://jira.atlassian.com/browse/FE-3797
- https://jira.atlassian.com/browse/FE-3798
- http://osvdb.org/77263
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71427
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71426
Frequently Asked Questions
What is the severity of CVE-2011-4822?
CVE-2011-4822 has a severity rating that suggests it can lead to cross-site scripting (XSS) vulnerabilities impacting user profile features in Atlassian FishEye.
How do I fix CVE-2011-4822?
To fix CVE-2011-4822, update Atlassian FishEye to version 2.5.5 or later, which addresses these XSS vulnerabilities.
What types of vulnerabilities does CVE-2011-4822 describe?
CVE-2011-4822 describes multiple cross-site scripting (XSS) vulnerabilities related to user comments and profile display names.
Which versions of Atlassian FishEye are affected by CVE-2011-4822?
CVE-2011-4822 affects multiple versions of Atlassian FishEye, specifically those prior to 2.5.5.
Can attackers exploit CVE-2011-4822 to execute malicious scripts?
Yes, attackers can exploit CVE-2011-4822 to inject arbitrary web scripts or HTML via the vulnerable user profile feature.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian fisheye
- version/atlassian fisheye/2.4.6
- version/atlassian fisheye/2.0-beta2
- version/atlassian fisheye/2.5.1
- version/atlassian fisheye/2.1.2
- version/atlassian fisheye/2.3.5
- version/atlassian fisheye/2.0.1
- version/atlassian fisheye/2.1.0
- version/atlassian fisheye/2.4.4
- version/atlassian fisheye/2.5.4
- version/atlassian fisheye/2.3.7
- version/atlassian fisheye/2.2.0
- version/atlassian fisheye/2.3.2
- version/atlassian fisheye/2.4.5
- version/atlassian fisheye/2.1.4
- version/atlassian fisheye/2.0-beta3
- version/atlassian fisheye/1.6.3
- version/atlassian fisheye/2.1.1
- version/atlassian fisheye/1.5.1
- version/atlassian fisheye/1.5.3
- version/atlassian fisheye/1.6.6
- version/atlassian fisheye/2.0.3
- version/atlassian fisheye/2.3.8
- version/atlassian fisheye/2.5.0
- version/atlassian fisheye/2.3.4
- version/atlassian fisheye/1.5.0
- version/atlassian fisheye/1.6.5.a
- version/atlassian fisheye/1.6.1
- version/atlassian fisheye/2.4.1
- version/atlassian fisheye/2.0.4
- version/atlassian fisheye/1.6.4
- version/atlassian fisheye/1.4.1
- version/atlassian fisheye/1.5.4
- version/atlassian fisheye/2.4.3
- version/atlassian fisheye/1.4.3
- version/atlassian fisheye/1.3
- version/atlassian fisheye/2.1.3
- version/atlassian fisheye/1.6.0
- version/atlassian fisheye/2.0.2
- version/atlassian fisheye/2.5.2
- version/atlassian fisheye/1.4.2
- version/atlassian fisheye/2.4.0
- version/atlassian fisheye/2.3.1
- version/atlassian fisheye/2.2.3
- version/atlassian fisheye/2.0.6
- version/atlassian fisheye/1.6.2
- version/atlassian fisheye/2.3.3
- version/atlassian fisheye/2.3.6
- version/atlassian fisheye/2.5.3
- version/atlassian fisheye/2.0-beta
- version/atlassian fisheye/2.3.0
- version/atlassian fisheye/2.4.2
- version/atlassian fisheye/2.0
- version/atlassian fisheye/2.2.1
- version/atlassian fisheye/1.5.2
- version/atlassian fisheye/1.4
- version/atlassian fisheye/2.0.5