CVE-2017-16860

CVE Database · CVE-2017-16860

CVE-2017-16860

· N/AModified

CVSS v3.1

N/A

EPSS

0.92%

Published

May 14, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.

Weaknesses (CWE)

CWE-79

Affected Products (3)

atlassian · application_links (up to 5.2.7)vulnerable

atlassian · application_links (up to 5.3.4)vulnerable

atlassian · application_links (up to 5.4.3)vulnerable

References (4)

http://www.securityfocus.com/bid/104188

Third Party AdvisoryVDB Entry

https://ecosystem.atlassian.net/browse/APL-1363

Third Party Advisory

http://www.securityfocus.com/bid/104188

Third Party AdvisoryVDB Entry

https://ecosystem.atlassian.net/browse/APL-1363

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs