4.7.2

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-11	CVE-2019-15008	Cross-site Scripting vulnerability in Atlassian Crucible The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter. network low complexity atlassian CWE-79	6.1
2019-12-11	CVE-2019-15007	Cross-site Scripting vulnerability in Atlassian Crucible The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. network low complexity atlassian CWE-79	4.8