CVE-2017-16860: XSS
First published: Mon May 14 2018(Updated: )
The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Application Links | <5.2.7 | |
| Atlassian Application Links | >=5.3.0<5.3.4 | |
| Atlassian Application Links | >=5.4.0<5.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2017-16860.
What is the severity rating of CVE-2017-16860?
CVE-2017-16860 has a severity rating of 6.1 (Medium).
What is the affected software for CVE-2017-16860?
The affected software for CVE-2017-16860 is Atlassian Application Links versions up to 5.2.7, versions between 5.3.0 and 5.3.4, and versions between 5.4.0 and 5.4.3.
What is the CWE category for CVE-2017-16860?
The CWE category for CVE-2017-16860 is CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).
How can I fix CVE-2017-16860?
To fix CVE-2017-16860, it is recommended to upgrade to Atlassian Application Links version 5.2.7 or later.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/event
- agent/weakness
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian application links
- version/atlassian application links/5.3.0
- version/atlassian application links/5.4.0