CVE-2017-18041

MEDIUM

Atlassian Bamboo < 6.2.0 - Cross-Site Scripting via Release Name

Title source: llm
STIX 2.1

Description

The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103071
Issue Tracking, Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/BAM-19662

Scores

CVSS v3 5.4
EPSS 0.0014
EPSS Percentile 34.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
atlassian/bamboo < 6.2.0
Published Feb 02, 2018
Tracked Since Feb 18, 2026