CVE-2017-18089: XSS
First published: Fri Feb 16 2018(Updated: )
The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Crucible | >=4.4.0<4.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Atlassian Crucible vulnerability?
The vulnerability ID for this Atlassian Crucible vulnerability is CVE-2017-18089.
What is the severity of CVE-2017-18089?
The severity of CVE-2017-18089 is medium with a severity value of 5.4.
How does the vulnerability in Atlassian Crucible before version 4.4.3 allow remote attackers to inject arbitrary HTML or JavaScript?
The vulnerability allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the invited reviewers for a review.
Which software versions are affected by CVE-2017-18089?
The software versions affected by CVE-2017-18089 are Atlassian Crucible versions 4.4.0 to 4.4.3 (inclusive) and version 4.5.0.
Is there a fix available for CVE-2017-18089?
Yes, the fix for CVE-2017-18089 is included in Atlassian Crucible version 4.4.3 (the fixed version for 4.4.x) and version 4.5.0.
- collector/nvd-index
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/atlassian
- canonical/atlassian crucible
- version/atlassian crucible/4.4.0