This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.
The remote web server has a cross-site scripting vulnerability.
The version of Atlassian FishEye running on the remote host has a
cross-site scripting vulnerability. The Code Metrics Report Plugin
does not properly sanitize user input.
A remote attacker could exploit this by tricking a user into making a
maliciously crafted request, resulting in the execution of arbitrary
This version of FishEye may have an additional cross-site scripting
vulnerability, though Nessus did not check for that issue.
See also :
Upgrade to FishEye 2.3.7 / 2.4 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 50450 ()
Bugtraq ID: 44264