Medium severity 6.1 · NVD Advisory · Published May 14, 2018 · Updated Jun 17, 2026
CVE-2017-16860
Description
The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4, and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.
Affected products
- (no CPE), range: <5.2.7, 5.3.0 to <5.3.4, 5.4.0 to <5.4.3
- (no CPE), range: unspecified
References
- www.securityfocus.com/bid/104188 (nvd; Third Party Advisory, VDB Entry)
- ecosystem.atlassian.net/browse/APL-1363 (nvd; Third Party Advisory)