VYPR

Vendor CVEs

Atlassian

All CVEs

471 total · sorted by risk
  • CVE-2018-18289Oct 14, 2018
    risk 0.00cvss epss 0.01

    The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files.

  • CVE-2012-6342May 13, 2014
    risk 0.00cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment.

  • CVE-2014-2313Mar 9, 2014
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.

  • CVE-2013-5319Aug 20, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.

  • CVE-2013-3926Jul 1, 2013
    risk 0.00cvss epss 0.02

    Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue, stating "We've been unable to substantiate the existence of [CVE-2013-3926].…

  • CVE-2013-3925Jul 1, 2013
    risk 0.00cvss epss 0.02

    Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in…

  • CVE-2012-2928May 22, 2012
    risk 0.00cvss epss 0.03

    The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via…

  • CVE-2012-2927May 22, 2012
    risk 0.00cvss epss 0.01

    The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via…

  • CVE-2011-4822Dec 15, 2011
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user…

  • CVE-2010-1165Apr 20, 2010
    risk 0.00cvss epss 0.04

    Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

  • CVE-2010-1164Apr 20, 2010
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or…

  • CVE-2008-6832Jun 8, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from…

  • CVE-2008-6831Jun 8, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated…

  • CVE-2008-6531Mar 26, 2009
    risk 0.00cvss epss 0.02

    The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."

  • CVE-2007-6619Jan 3, 2008
    risk 0.00cvss epss 0.01

    The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.

  • CVE-2007-6617Jan 3, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to…

  • CVE-2007-6618Jan 3, 2008
    risk 0.00cvss epss 0.01

    JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.

  • CVE-2006-4856Sep 19, 2006
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a)…

  • CVE-2006-3339Jul 3, 2006
    risk 0.00cvss epss 0.01

    secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message.

  • CVE-2006-3338Jul 3, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page.

  • CVE-2005-3967Dec 3, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.

Page 10 of 10