Vulnerabilities > Atlassian > Crucible > 4.7.0

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2019-15008 Cross-site Scripting vulnerability in Atlassian Crucible
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.
network
low complexity
atlassian CWE-79
6.1
6.1
2019-12-11 CVE-2019-15007 Cross-site Scripting vulnerability in Atlassian Crucible
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.
network
low complexity
atlassian CWE-79
4.8
4.8
2019-11-08 CVE-2019-15005 Missing Authorization vulnerability in Atlassian products
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check.
network
low complexity
atlassian CWE-862
4.3
4.3