CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-18091

The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.9%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

http://www.securityfocus.com/bid/103079
https://jira.atlassian.com/browse/CRUC-8173
https://jira.atlassian.com/browse/FE-7006
http://www.securityfocus.com/bid/103079
https://jira.atlassian.com/browse/CRUC-8173
https://jira.atlassian.com/browse/FE-7006

Products affected by CVE-2017-18091

Atlassian » Crucible » Version: 4.4.0

cpe:2.3:a:atlassian:crucible:4.4.0
Atlassian » Crucible » Version: 4.4.1

cpe:2.3:a:atlassian:crucible:4.4.1
Atlassian » Crucible » Version: 4.4.2

cpe:2.3:a:atlassian:crucible:4.4.2
Atlassian » Fisheye » Version: 4.4.0

cpe:2.3:a:atlassian:fisheye:4.4.0
Atlassian » Fisheye » Version: 4.4.1

cpe:2.3:a:atlassian:fisheye:4.4.1
Atlassian » Fisheye » Version: 4.4.2

cpe:2.3:a:atlassian:fisheye:4.4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-18091

Products

Pricing

Contact Us