Vulnerabilities > Atlassian > Crucible > 4.5.1

DATE CVE VULNERABILITY TITLE RISK
2018-04-24 CVE-2018-5228 Cross-site Scripting vulnerability in Atlassian Fisheye
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-03-29 CVE-2018-5223 Improper Input Validation vulnerability in Atlassian Crucible and Fisheye
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters.
network
low complexity
atlassian CWE-20
7.2
7.2
2018-02-01 CVE-2017-16861 Unspecified vulnerability in Atlassian Fisheye
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur.
network
low complexity
atlassian
critical
 9.8
9.8