CVE-2017-18090: XSS
First published: Fri Feb 16 2018(Updated: )
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian FishEye | =4.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2017-18090?
CVE-2017-18090 is a cross-site scripting (XSS) vulnerability in Atlassian Fisheye before version 4.5.1 and before version 4.6.0.
How does CVE-2017-18090 affect Atlassian Fisheye?
CVE-2017-18090 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting attack on the name of a commit author in Atlassian Fisheye.
What is the severity of CVE-2017-18090?
The severity of CVE-2017-18090 is medium with a CVSS score of 6.1.
How can I fix CVE-2017-18090 in Atlassian Fisheye 4.5.x?
To fix CVE-2017-18090 in Atlassian Fisheye 4.5.x, upgrade to version 4.5.1 which includes the fix.
How can I fix CVE-2017-18090 in Atlassian Fisheye 4.6.0?
To fix CVE-2017-18090 in Atlassian Fisheye 4.6.0, upgrade to a version that includes the fix.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian fisheye
- version/atlassian fisheye/4.5.0