Atlassian: >> Fisheye >> 4.4.1 Security Vulnerabilities
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-10-11
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-10-11
Page 5