Medium severity4.8NVD Advisory· Published Feb 16, 2018· Updated Jun 17, 2026
CVE-2017-18091
CVE-2017-18091
Description
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<4.4.3, <4.5.0+ 1 more
- (no CPE)range: <4.4.3, <4.5.0
- (no CPE)range: prior to 4.4.3
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/103079nvdThird Party AdvisoryVDB Entry
- jira.atlassian.com/browse/CRUC-8173nvdVendor Advisory
- jira.atlassian.com/browse/FE-7006nvdVendor Advisory
News mentions
0No linked articles in our index yet.