Vulnerability Name:

CVE-2011-4822 (CCN-71426)

Assigned:2011-11-20
Published:2011-11-20
Updated:2017-08-29
Summary:Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Cross-Site Scripting
References:Source: CCN
Type: FishEye and Crucible Security Advisory 2011-11-22
FishEye 2.7 Documentation

Source: CONFIRM
Type: UNKNOWN
http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-11-22

Source: MITRE
Type: CNA
CVE-2011-4822

Source: OSVDB
Type: UNKNOWN
77263

Source: OSVDB
Type: UNKNOWN
77264

Source: CCN
Type: SA46975
FishEye / Crucible Security Bypass Security Issue and Script Insertion Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
46975

Source: CCN
Type: Atlassian Web site
Crucible

Source: CCN
Type: OSVDB ID: 77263
Atlassian FishEye / Crucible User Profile Display Name Unspecified XSS

Source: CCN
Type: OSVDB ID: 77264
Atlassian FishEye / Crucible User Comment Snippets Unspecified XSS

Source: BID
Type: UNKNOWN
50762

Source: CCN
Type: BID-50762
FishEye and Crucible Multiple HTML Injection and Unauthorized Access Vulnerabilities

Source: XF
Type: UNKNOWN
fisheye-cve20114822-xss(71426)

Source: XF
Type: UNKNOWN
fisheye-display-name-xss(71426)

Source: XF
Type: UNKNOWN
fisheye-comment-xss(71427)

Source: CONFIRM
Type: UNKNOWN
https://jira.atlassian.com/browse/FE-3797

Source: CONFIRM
Type: UNKNOWN
https://jira.atlassian.com/browse/FE-3798

Vulnerable Configuration:Configuration 1:
  • cpe:/a:atlassian:fisheye:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.6.5.a:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:1.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.0:beta:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.5.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:atlassian:fisheye:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:fisheye:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:crucible:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:crucible:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:crucible:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:crucible:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:crucible:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:atlassian:crucible:2.5.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    atlassian fisheye 1.3
    atlassian fisheye 1.4
    atlassian fisheye 1.4.1
    atlassian fisheye 1.4.2
    atlassian fisheye 1.4.3
    atlassian fisheye 1.5.0
    atlassian fisheye 1.5.1
    atlassian fisheye 1.5.2
    atlassian fisheye 1.5.3
    atlassian fisheye 1.5.4
    atlassian fisheye 1.6.0
    atlassian fisheye 1.6.1
    atlassian fisheye 1.6.2
    atlassian fisheye 1.6.3
    atlassian fisheye 1.6.4
    atlassian fisheye 1.6.5.a
    atlassian fisheye 1.6.6
    atlassian fisheye 2.0
    atlassian fisheye 2.0 beta
    atlassian fisheye 2.0 beta2
    atlassian fisheye 2.0 beta3
    atlassian fisheye 2.0.1
    atlassian fisheye 2.0.2
    atlassian fisheye 2.0.3
    atlassian fisheye 2.0.4
    atlassian fisheye 2.0.5
    atlassian fisheye 2.0.6
    atlassian fisheye 2.1.0
    atlassian fisheye 2.1.1
    atlassian fisheye 2.1.2
    atlassian fisheye 2.1.3
    atlassian fisheye 2.1.4
    atlassian fisheye 2.2.0
    atlassian fisheye 2.2.1
    atlassian fisheye 2.2.3
    atlassian fisheye 2.3.0
    atlassian fisheye 2.3.1
    atlassian fisheye 2.3.2
    atlassian fisheye 2.3.3
    atlassian fisheye 2.3.4
    atlassian fisheye 2.3.5
    atlassian fisheye 2.3.6
    atlassian fisheye 2.3.7
    atlassian fisheye 2.3.8
    atlassian fisheye 2.4.0
    atlassian fisheye 2.4.1
    atlassian fisheye 2.4.2
    atlassian fisheye 2.4.3
    atlassian fisheye 2.4.4
    atlassian fisheye 2.4.5
    atlassian fisheye 2.4.6
    atlassian fisheye 2.5.0
    atlassian fisheye 2.5.1
    atlassian fisheye 2.5.2
    atlassian fisheye 2.5.3
    atlassian fisheye 2.5.4
    atlassian fisheye 2.4.6
    atlassian fisheye 2.5.0
    atlassian fisheye 2.5.1
    atlassian fisheye 2.5.2
    atlassian fisheye 2.5.3
    atlassian fisheye 2.5.4
    atlassian crucible 2.4.6
    atlassian crucible 2.5.0
    atlassian crucible 2.5.1
    atlassian crucible 2.5.2
    atlassian crucible 2.5.3
    atlassian crucible 2.5.4