Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103731 | Third Party Advisory VDB Entry |
https://ecosystem.atlassian.net/browse/APL-1361 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2018-04-10T00:00:00
Updated: 2018-04-12T09:57:02
Reserved: 2018-01-05T00:00:00
Link: CVE-2018-5227
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-10T13:29:00.447
Modified: 2018-05-16T15:26:05.813
Link: CVE-2018-5227
JSON object: View
Redhat Information
No data.
CWE