Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-4822
Last Modified 15 Dec 2011 12:00:00
Published 14 Dec 2011 10:57:34
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4822

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page.

Vulnerable Systems

Application

  • Atlassian Fisheye 1.3

  • Atlassian Fisheye 1.4

  • Atlassian Fisheye 1.4.1

  • Atlassian Fisheye 1.4.2

  • Atlassian Fisheye 1.4.3

  • Atlassian Fisheye 1.5.0

  • Atlassian Fisheye 1.5.1

  • Atlassian Fisheye 1.5.2

  • Atlassian Fisheye 1.5.3

  • Atlassian Fisheye 1.5.4

  • Atlassian Fisheye 1.6.0

  • Atlassian Fisheye 1.6.1

  • Atlassian Fisheye 1.6.2

  • Atlassian Fisheye 1.6.3

  • Atlassian Fisheye 1.6.4

  • Atlassian Fisheye 1.6.5.a

  • Atlassian Fisheye 1.6.6

  • Atlassian Fisheye 2.0

  • Atlassian Fisheye 2.0.1

  • Atlassian Fisheye 2.0.2

  • Atlassian Fisheye 2.0.3

  • Atlassian Fisheye 2.0.4

  • Atlassian Fisheye 2.0.5

  • Atlassian Fisheye 2.0.6

  • Atlassian Fisheye 2.1.0

  • Atlassian Fisheye 2.1.1

  • Atlassian Fisheye 2.1.2

  • Atlassian Fisheye 2.1.3

  • Atlassian Fisheye 2.1.4

  • Atlassian Fisheye 2.2.0

  • Atlassian Fisheye 2.2.1

  • Atlassian Fisheye 2.2.3

  • Atlassian Fisheye 2.3.0

  • Atlassian Fisheye 2.3.1

  • Atlassian Fisheye 2.3.2

  • Atlassian Fisheye 2.3.3

  • Atlassian Fisheye 2.3.4

  • Atlassian Fisheye 2.3.5

  • Atlassian Fisheye 2.3.6

  • Atlassian Fisheye 2.3.7

  • Atlassian Fisheye 2.3.8

  • Atlassian Fisheye 2.4.0

  • Atlassian Fisheye 2.4.1

  • Atlassian Fisheye 2.4.2

  • Atlassian Fisheye 2.4.3

  • Atlassian Fisheye 2.4.4

  • Atlassian Fisheye 2.4.5

  • Atlassian Fisheye 2.4.6

  • Atlassian Fisheye 2.5.0

  • Atlassian Fisheye 2.5.1

  • Atlassian Fisheye 2.5.2

  • Atlassian Fisheye 2.5.3

  • Atlassian Fisheye 2.5.4


References

CONFIRM - https://jira.atlassian.com/browse/FE-3798

CONFIRM - https://jira.atlassian.com/browse/FE-3797

XF - fisheye-comment-xss(71427)

XF - fisheye-display-name-xss(71426)

BID - 50762

SECUNIA - 46975

OSVDB - 77264

OSVDB - 77263

CONFIRM - http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-11-22


Last Updated: 27 May 2016 10:57:55