CVE-2017-18034 is a vulnerability in Atlassian Crucible
Published on February 2, 2018

The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.

NVD

Products Associated with CVE-2017-18034

Want to know whenever a new CVE is published for Atlassian Crucible? stack.watch will email you.

Atlassian Crucible

Affected Versions

Atlassian Fisheye and Crucible Version prior to 4.5.1 and 4.6.0 is affected by CVE-2017-18034

Exploit Probability

EPSS

0.14%

Percentile

33.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-18034 is a vulnerability in Atlassian CruciblePublished on February 2, 2018

Products Associated with CVE-2017-18034

Affected Versions

Exploit Probability

CVE-2017-18034 is a vulnerability in Atlassian Crucible
Published on February 2, 2018