CVE-2011-4822

Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
atlassianfisheye
1.3
atlassianfisheye
1.4
atlassianfisheye
1.4.1
atlassianfisheye
1.4.2
atlassianfisheye
1.4.3
atlassianfisheye
1.5.0
atlassianfisheye
1.5.1
atlassianfisheye
1.5.2
atlassianfisheye
1.5.3
atlassianfisheye
1.5.4
atlassianfisheye
1.6.0
atlassianfisheye
1.6.1
atlassianfisheye
1.6.2
atlassianfisheye
1.6.3
atlassianfisheye
1.6.4
atlassianfisheye
1.6.5.a:a
atlassianfisheye
1.6.6
atlassianfisheye
2.0
atlassianfisheye
2.0:beta
atlassianfisheye
2.0:beta2
atlassianfisheye
2.0:beta3
atlassianfisheye
2.0.1
atlassianfisheye
2.0.2
atlassianfisheye
2.0.3
atlassianfisheye
2.0.4
atlassianfisheye
2.0.5
atlassianfisheye
2.0.6
atlassianfisheye
2.1.0
atlassianfisheye
2.1.1
atlassianfisheye
2.1.2
atlassianfisheye
2.1.3
atlassianfisheye
2.1.4
atlassianfisheye
2.2.0
atlassianfisheye
2.2.1
atlassianfisheye
2.2.3
atlassianfisheye
2.3.0
atlassianfisheye
2.3.1
atlassianfisheye
2.3.2
atlassianfisheye
2.3.3
atlassianfisheye
2.3.4
atlassianfisheye
2.3.5
atlassianfisheye
2.3.6
atlassianfisheye
2.3.7
atlassianfisheye
2.3.8
atlassianfisheye
2.4.0
atlassianfisheye
2.4.1
atlassianfisheye
2.4.2
atlassianfisheye
2.4.3
atlassianfisheye
2.4.4
atlassianfisheye
2.4.5
atlassianfisheye
2.4.6
atlassianfisheye
2.5.0
atlassianfisheye
2.5.1
atlassianfisheye
2.5.2
atlassianfisheye
2.5.3
atlassianfisheye
2.5.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-11-22
http://osvdb.org/77263
http://osvdb.org/77264
http://secunia.com/advisories/46975
http://www.securityfocus.com/bid/50762
https://exchange.xforce.ibmcloud.com/vulnerabilities/71426
https://exchange.xforce.ibmcloud.com/vulnerabilities/71427
https://jira.atlassian.com/browse/FE-3797
https://jira.atlassian.com/browse/FE-3798
http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-11-22
http://osvdb.org/77263
http://osvdb.org/77264
http://secunia.com/advisories/46975
http://www.securityfocus.com/bid/50762
https://exchange.xforce.ibmcloud.com/vulnerabilities/71426
https://exchange.xforce.ibmcloud.com/vulnerabilities/71427
https://jira.atlassian.com/browse/FE-3797
https://jira.atlassian.com/browse/FE-3798