CVE-2018-5228

Name of the Vulnerable Software and Affected Versions Atlassian Fisheye and Crucible versions prior to 4.5.3

Description The issue concerns a cross site scripting (XSS) vulnerability in the handling of response headers. This vulnerability allows remote attackers to inject arbitrary HTML or JavaScript. The /browse/~raw resource is specifically affected.

Recommendations For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the /browse/~raw resource until a patch is applied.