Atlassian FishEye Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

Atlassian FishEye is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user- supplied input. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Versions prior to Atlassian FishEye 2.3.7 are vulnerable.

Solution

Vendor updates are available. Please see the references for more information.

References

http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-10-20
http://www.atlassian.com/software/fisheye/
http://xforce.iss.net/xforce/xfdb/62658
https://www.securityfocus.com/bid/44264

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
AMSI 'file' Parameter Directory Traversal Vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache Struts2 'XWork' Information Disclosure Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities