admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2017/18xxx/CVE-2017-18091.json
CVE Team 617647373e
"-Synchronized-Data."
2019-03-17 23:35:33 +00:00

76 lines
2.5 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-02-16T00:00:00",
"ID": "CVE-2017-18091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "prior to 4.4.3"
},
{
"version_value": "prior to 4.5.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/FE-7006",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/FE-7006"
},
{
"name": "https://jira.atlassian.com/browse/CRUC-8173",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/CRUC-8173"
},
{
"name": "103079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103079"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink