GCVE - cpe:2.3:a:atlassian:fisheye:4.5.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:atlassian:fisheye:4.5.0:*:*:*:*:*:*:*

part: a version: 4.5.0 update: *

Vendor	Atlassian (`8acde0d4-2b83-5bd8-8d3f-60d59e0b022e`)
Product	Fisheye (`9e5aff0a-90de-54be-bb50-8771d1420028`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-18094`	vulnerable	2026-06-03 14:36:56.298002	Details available Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository. Published: 2018-03-22T13:00:00.000Z Updated: 2024-09-16T18:28:38.668Z Open on db.gcve.eu Reference links https://jira.atlassian.com/browse/FE-7010 https://jira.atlassian.com/browse/CRUC-8177	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-18090`	vulnerable	2026-06-03 14:36:56.296528	Details available Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author. Published: 2018-02-16T18:00:00.000Z Updated: 2024-09-17T01:40:40.678Z Open on db.gcve.eu Reference links https://jira.atlassian.com/browse/FE-7000 http://www.securityfocus.com/bid/103076	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14591`	vulnerable	2026-06-03 14:36:39.438514	Details available Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software. Published: 2017-11-29T21:00:00.000Z Updated: 2024-09-16T20:46:54.683Z Open on db.gcve.eu Reference links https://confluence.atlassian.com/x/plcGO http://www.securityfocus.com/bid/102194	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.