cvelist/2017/18xxx/CVE-2017-18091.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@atlassian.com",
        "DATE_PUBLIC": "2018-02-16T00:00:00",
        "ID": "CVE-2017-18091",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Fisheye and Crucible",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "prior to 4.4.3"
                                        },
                                        {
                                            "version_value": "prior to 4.5.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Atlassian"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Cross Site Scripting (XSS)"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://jira.atlassian.com/browse/FE-7006",
                "refsource": "CONFIRM",
                "url": "https://jira.atlassian.com/browse/FE-7006"
            },
            {
                "name": "https://jira.atlassian.com/browse/CRUC-8173",
                "refsource": "CONFIRM",
                "url": "https://jira.atlassian.com/browse/CRUC-8173"
            },
            {
                "name": "103079",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/103079"
            }
        ]
    }
}
- Synchronized data. 2018-02-01 10:02:39 -05:00			`{`
"-Synchronized-Data." 2019-03-17 23:35:33 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security@atlassian.com",`
			`"DATE_PUBLIC": "2018-02-16T00:00:00",`
			`"ID": "CVE-2017-18091",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Fisheye and Crucible",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "prior to 4.4.3"`
			`},`
			`{`
			`"version_value": "prior to 4.5.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Atlassian"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
Add CVE-2017-18089 CVE-2017-18090 CVE-2017-18091. 2018-02-16 18:22:10 +11:00			`{`
"-Synchronized-Data." 2019-03-17 23:35:33 +00:00			`"lang": "eng",`
			`"value": "The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup."`
Add CVE-2017-18089 CVE-2017-18090 CVE-2017-18091. 2018-02-16 18:22:10 +11:00			`}`
"-Synchronized-Data." 2019-03-17 23:35:33 +00:00			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Cross Site Scripting (XSS)"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://jira.atlassian.com/browse/FE-7006",`
			`"refsource": "CONFIRM",`
			`"url": "https://jira.atlassian.com/browse/FE-7006"`
			`},`
			`{`
			`"name": "https://jira.atlassian.com/browse/CRUC-8173",`
			`"refsource": "CONFIRM",`
			`"url": "https://jira.atlassian.com/browse/CRUC-8173"`
			`},`
			`{`
			`"name": "103079",`
			`"refsource": "BID",`
			`"url": "http://www.securityfocus.com/bid/103079"`
			`}`
			`]`
			`}`
			`}`