VYPR

Jira

by Atlassian

CVEs (94)

  • CVE-2012-2926 | Critical | May 22, 2012
    risk 0.67 | cvss 9.1 | epss 0.67

    Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3…

  • CVE-2017-5983 | Critical | Apr 10, 2017
    risk 0.65 | cvss 9.8 | epss 0.16

    The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.

  • CVE-2016-4319 | High | Apr 10, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.

  • CVE-2018-5231 | High | May 16, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests…

  • CVE-2018-5230 | Medium | May 14, 2018
    risk 0.43 | cvss 6.1 | epss 0.38

    The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting…

  • CVE-2017-18101 | Medium | Apr 10, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations…

  • CVE-2017-18033 | Medium | Jan 18, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.

  • CVE-2018-13395 | Medium | Aug 28, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to…

  • CVE-2018-5232 | Medium | Jul 18, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.

  • CVE-2018-13387 | Medium | Jul 16, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to…

  • CVE-2017-18100 | Medium | Apr 10, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.

  • CVE-2017-18098 | Medium | Apr 6, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.

  • CVE-2017-18039 | Medium | Feb 2, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

  • CVE-2017-16863 | Medium | Jan 18, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter.

  • CVE-2017-16864 | Medium | Jan 12, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.

  • CVE-2017-14594 | Medium | Jan 12, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.

  • CVE-2016-6285 | Medium | Jan 31, 2017
    risk 0.40 | cvss 6.1 | epss 0.02

    Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

  • CVE-2017-18104 | Medium | Jul 24, 2018
    risk 0.38 | cvss 5.9 | epss 0.02

    The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are…

  • CVE-2018-13391 | Medium | Aug 28, 2018
    risk 0.35 | cvss 5.3 | epss 0.02

    The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version…

  • CVE-2017-18097 | Medium | Apr 6, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello…
