Atlassian Bitbucket Server 4.5.x < 4.5.3 XSS
Medium Nessus Network Monitor Plugin ID 9885
SynopsisThe remote Bitbucket server is affected by a Cross-Site Scripting (XSS) attack vector.
DescriptionVersions of Bitbucket 4.5.x, prior to 4.5.3 contain a flaw that allows a XSS attack. This flaw exists because the program does not validate input when moving user repositories before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
SolutionUpgrade to Bitbucket version 4.5.3 or later.