VYPR

Universal Plugin Manager

by Atlassian

CVEs (3)

  • CVE-2018-5229MedJul 16, 2018
    risk 0.35cvss 5.4epss 0.01

    The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.

  • CVE-2019-14999Aug 23, 2019
    risk 0.00cvss epss 0.01

    The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on…

  • CVE-2018-20233Jan 18, 2019
    risk 0.00cvss epss 0.02

    The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the…