CVE-2017-16860
Summary
| CVE | CVE-2017-16860 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-05-14 13:29:00 UTC |
| Updated | 2018-06-19 15:28:00 UTC |
| Description | The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Atlassian | Application Links | All | All | All | All |
| Application | Atlassian | Application Links | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [APL-1363] XSS in the invalidRedirectUrl template through the redirectUrl parameter - CVE-2017-16860 - Ecosystem Jira | CONFIRM | ecosystem.atlassian.net | Third Party Advisory |
| Atlassian Application Links CVE-2017-16860 Cross Site Scripting Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.