Medium severity4.8NVD Advisory· Published Mar 22, 2018· Updated Jun 17, 2026
CVE-2017-18094
CVE-2017-18094
Description
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: prior to 4.4.3
Patches
Vulnerability mechanics
References
2- jira.atlassian.com/browse/CRUC-8177nvdVendor Advisory
- jira.atlassian.com/browse/FE-7010nvdVendor Advisory
News mentions
0No linked articles in our index yet.