Total vulnerabilities in the database
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.
Software | From | Fixed in |
---|---|---|
atlassian / fisheye | - | 4.4.1.x |
atlassian / crucible | - | 4.4.1.x |