Vendor CVEs

Atlassian

All CVEs

471 total · sorted by risk
  • CVE-2017-18101 · Med · Apr 10, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations…

  • CVE-2017-18037 · Med · Feb 2, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0…

  • CVE-2017-18033 · Med · Jan 18, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.

  • CVE-2018-13395 · Med · Aug 28, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to…

  • CVE-2018-13392 · Med · Aug 13, 2018
    risk 0.40 · cvss 6.1 · epss 0.02

    Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.

  • CVE-2018-13390 · Med · Aug 10, 2018
    risk 0.40 · cvss 6.1 · epss 0.00

    Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.

  • CVE-2018-5232 · Med · Jul 18, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.

  • CVE-2018-13387 · Med · Jul 16, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to…

  • CVE-2017-16860 · Med · May 14, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability…

  • CVE-2018-5228 · Med · Apr 24, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.

  • CVE-2017-18100 · Med · Apr 10, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.

  • CVE-2017-18098 · Med · Apr 6, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.

  • CVE-2017-18090 · Med · Feb 16, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.

  • CVE-2017-18086 · Med · Feb 2, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.

  • CVE-2017-18085 · Med · Feb 2, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

  • CVE-2017-18081 · Med · Feb 2, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.

  • CVE-2017-18039 · Med · Feb 2, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

  • CVE-2017-16863 · Med · Jan 18, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter.

  • CVE-2017-16864 · Med · Jan 12, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.

  • CVE-2017-14594 · Med · Jan 12, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.

  • CVE-2017-16856 · Med · Dec 5, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.

  • CVE-2017-14588 · Med · Oct 11, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.

  • CVE-2016-6285 · Med · Jan 31, 2017
    risk 0.40 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

  • CVE-2017-18104 · Med · Jul 24, 2018
    risk 0.38 · cvss 5.9 · epss 0.02

    The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are…

  • CVE-2017-8058 · Med · May 5, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.

  • CVE-2015-8399 · Med · Apr 11, 2016
    risk 0.36 · cvss 4.3 · epss 0.61

    Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.

  • CVE-2018-13391 · Med · Aug 28, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version…

  • CVE-2018-5229 · Med · Jul 16, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.

  • CVE-2018-13388 · Med · Jul 10, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.

  • CVE-2017-18102 · Med · Apr 17, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup.

  • CVE-2017-18097 · Med · Apr 6, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello…

  • CVE-2016-10716 · Med · Mar 16, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.

  • CVE-2016-10715 · Med · Mar 16, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI.

  • CVE-2017-18095 · Med · Feb 19, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version for 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.

  • CVE-2017-18092 · Med · Feb 19, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.

  • CVE-2017-18089 · Med · Feb 16, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.

  • CVE-2017-18083 · Med · Feb 2, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.

  • CVE-2017-18082 · Med · Feb 2, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.

  • CVE-2017-18041 · Med · Feb 2, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

  • CVE-2017-18040 · Med · Feb 2, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

  • CVE-2017-18038 · Med · Feb 2, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.

  • CVE-2017-18034 · Med · Feb 2, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability via a specially…

  • CVE-2017-9513 · Med · Jan 29, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have…

  • CVE-2017-16865 · Med · Jan 17, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource…

  • CVE-2017-14587 · Med · Oct 11, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.

  • CVE-2017-9510 · Med · Aug 24, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.

  • CVE-2017-9509 · Med · Aug 24, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.

  • CVE-2017-9508 · Med · Aug 24, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.

  • CVE-2017-9507 · Med · Aug 24, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.

  • CVE-2016-4317 · Med · Apr 10, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.