Medium severity5.4NVD Advisory· Published Feb 2, 2018· Updated Jun 17, 2026
CVE-2017-18034
CVE-2017-18034
Description
The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: prior to 4.5.1 and 4.6.0
Patches
Vulnerability mechanics
References
2- jira.atlassian.com/browse/CRUC-8161nvdIssue TrackingVendor Advisory
- jira.atlassian.com/browse/FE-6994nvdIssue TrackingVendor Advisory
News mentions
0No linked articles in our index yet.