CVE-2018-13392: XSS
First published: Mon Aug 13 2018(Updated: )
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Crucible | <4.6.0 | |
| Atlassian FishEye | <4.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-13392?
CVE-2018-13392 is a vulnerability in Atlassian Fisheye and Crucible before version 4.6.0 that allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.
How can this vulnerability be exploited?
This vulnerability can be exploited by remote attackers who can inject arbitrary HTML or JavaScript through a cross-site scripting (XSS) attack on linked issue keys in Atlassian Fisheye and Crucible applications.
What is the severity of CVE-2018-13392?
The severity of CVE-2018-13392 is medium with a CVSS score of 6.1.
Which versions of Atlassian Fisheye and Crucible are affected by this vulnerability?
Atlassian Fisheye and Crucible versions up to but excluding 4.6.0 are affected by this vulnerability.
How can I mitigate the CVE-2018-13392 vulnerability?
To mitigate the CVE-2018-13392 vulnerability, users should update their Atlassian Fisheye and Crucible installations to version 4.6.0 or higher.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian crucible
- canonical/atlassian fisheye