CVE-2017-14587
https://notcve.org/view.php?id=CVE-2017-14587
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter. El recurso de borrado de usuarios de administración en Atlassian Fisheye y Crucible en versiones anteriores a la 4.4.2 permite a los atacantes remotos inyectar HTML o JavaScript arbitrarios a través de una vulnerabilidad de Cross-Site Scripting (XSS) en el parámetro uname • http://www.securityfocus.com/bid/101266 https://jira.atlassian.com/browse/CRUC-8112 https://jira.atlassian.com/browse/FE-6933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-14588
https://notcve.org/view.php?id=CVE-2017-14588
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. Varios recursos en Atlassian Fisheye y Crucible en versiones anteriores a la 4.4.2 permiten a los atacantes remotos inyectar HTML o JavaScript arbitrarios a través de una vulnerabilidad de cross site scripting (XSS) en el parámetro de diálogo. • http://www.securityfocus.com/bid/101268 https://jira.atlassian.com/browse/CRUC-8113 https://jira.atlassian.com/browse/FE-6935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-9511
https://notcve.org/view.php?id=CVE-2017-9511
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. La clase MultiPathResource en Atlassian FishEye y Crucible en versiones anteriores a la 4.4.1 permite que atacantes anónimos remotos lean archivos arbitrarios mediante una vulnerabilidad de salto de directorio cuando FishEye o Crucible se ejecutan en el sistema operativo Microsoft Windows • https://jira.atlassian.com/browse/CRUC-8049 https://jira.atlassian.com/browse/FE-6891 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-9510
https://notcve.org/view.php?id=CVE-2017-9510
The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. El recurso de registro de cambios en el repositorio en Atlassian Fisheye en versiones anteriores a la 4.4.1 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad cross-Site Scripting (XSS a través de los parámetros de fecha de inicio y fecha de finalización • https://jira.atlassian.com/browse/FE-6890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-9509
https://notcve.org/view.php?id=CVE-2017-9509
The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. El recurso review file upload en Atlassian Crucible en versiones anteriores a la 4.4.1 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad cross-Site Scripting (XSS) mediante el conjunto de caracteres de un archivo previamente subido. • https://jira.atlassian.com/browse/CRUC-8046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •