{"cve":{"cve_id":"CVE-2017-18091","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00889,"epss_percentile":0.54653,"epss_as_of":"2026-06-23","description":"The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.","published_at":"2018-02-16T18:00:00Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://jira.atlassian.com/browse/FE-7006","https://jira.atlassian.com/browse/CRUC-8173","http://www.securityfocus.com/bid/103079"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:09:50.142927Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"fisheye-and-crucible","product_name":"Fisheye and Crucible","version_start":"prior to 4.4.3","version_start_inclusive":true,"version_end":"prior to 4.4.3","version_end_inclusive":true,"cpe23_uri":"cve5:atlassian:fisheye-and-crucible:prior to 4.4.3:prior to 4.4.3"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"fisheye-and-crucible","product_name":"Fisheye and Crucible","version_start":"prior to 4.5.0","version_start_inclusive":true,"version_end":"prior to 4.5.0","version_end_inclusive":true,"cpe23_uri":"cve5:atlassian:fisheye-and-crucible:prior to 4.5.0:prior to 4.5.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://jira.atlassian.com/browse/FE-7006","source_type":"MISC","tags":[]},{"url":"https://jira.atlassian.com/browse/CRUC-8173","source_type":"MISC","tags":[]},{"url":"http://www.securityfocus.com/bid/103079","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2018-02-16T18:00:00Z","label":"CVE published","source":null}]}