CVE-2011-4822
Atlassian Fisheye - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page.
References (9)
Scores
EPSS
0.0047
EPSS Percentile
64.2%
Classification
CWE
CWE-79
Status
published
Affected Products (50)
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
atlassian/fisheye
... and 35 more
Timeline
Published
Dec 15, 2011
Tracked Since
Feb 18, 2026