VYPR

Fisheye

by Atlassian

CVEs (51)

  • CVE-2020-4015 (Jun 1, 2020)
    risk 0.00 | cvss | epss 0.01

    The /json/fe/activeUserFinder.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user email addresses via an information disclosure vulnerability.

  • CVE-2020-4014 (Jun 1, 2020)
    risk 0.00 | cvss | epss 0.01

    The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability.

  • CVE-2020-4013 (Jun 1, 2020)
    risk 0.00 | cvss | epss 0.01

    The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the review objectives.

  • CVE-2019-15009 (Dec 11, 2019)
    risk 0.00 | cvss | epss 0.01

    The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.

  • CVE-2019-15008 (Dec 11, 2019)
    risk 0.00 | cvss | epss 0.01

    The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.

  • CVE-2019-15007 (Dec 11, 2019)
    risk 0.00 | cvss | epss 0.01

    The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.

  • CVE-2019-15005 (Nov 8, 2019)
    risk 0.00 | cvss | epss 0.01

    The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration…

  • CVE-2018-20241 (Feb 20, 2019)
    risk 0.00 | cvss | epss 0.01

    The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.

  • CVE-2018-20240 (Feb 20, 2019)
    risk 0.00 | cvss | epss 0.01

    The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.

  • CVE-2018-13399 (Oct 16, 2018)
    risk 0.00 | cvss | epss 0.00

    The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

  • CVE-2011-4822 (Dec 15, 2011)
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user…
