The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and prior to 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian fisheye |
||
atlassian crucible |