Fisheye and Crucible are prone to cross-site scripting, security-bypass, and information-disclosure vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the context of the website, steal cookie-based authentication information, disclose sensitive information, or bypass certain security restrictions. Fisheye and Crucible versions prior to 2.4.4 are vulnerable.
Vendor updates are available. Please see the references for more information.
Updated on 2015-03-25
- OneOrZero AIMS 'index.php' Cross Site Scripting Vulnerability
- Axis Commerce HTML Injection Vulnerability
- Bugzilla 'Install/Filesystem.pm' Information Disclosure Vulnerability
- Kusaba X Multiple Cross Site Scripting Vulnerabilities
- Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability