Vulnerabilities > Atlassian > Crucible

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2019-12-11 | CVE-2019-15008 | Cross-site Scripting vulnerability in Atlassian Crucible | The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter. | network, low complexity, atlassian CWE-79, 6.1 |
| 2019-12-11 | CVE-2019-15007 | Cross-site Scripting vulnerability in Atlassian Crucible | The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. | network, low complexity, atlassian CWE-79, 4.8 |
| 2019-11-08 | CVE-2019-15005 | Missing Authorization vulnerability in Atlassian products | The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. | network, low complexity, atlassian CWE-862, 4.3 |
| 2019-04-30 | CVE-2018-20239 | Cross-site Scripting vulnerability in Atlassian products | Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. | network, low complexity, atlassian CWE-79, 5.4 |
| 2019-02-20 | CVE-2018-20241 | Cross-site Scripting vulnerability in Atlassian Fisheye | The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter. | network, low complexity, atlassian CWE-79, 5.4 |
| 2019-02-20 | CVE-2018-20240 | Cross-site Scripting vulnerability in Atlassian Fisheye | The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. | network, low complexity, atlassian CWE-79, 4.8 |
| 2018-10-16 | CVE-2018-13399 | Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Fisheye | The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | local, low complexity, atlassian CWE-732, 7.8 |
| 2018-09-18 | CVE-2018-13398 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Fisheye | The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability. | network, low complexity, atlassian CWE-352, 6.5 |
| 2018-08-13 | CVE-2018-13392 | Cross-site Scripting vulnerability in Atlassian Fisheye | Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. | network, low complexity, atlassian CWE-79, 6.1 |
| 2018-07-10 | CVE-2018-13388 | Cross-site Scripting vulnerability in Atlassian Fisheye | The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. | network, low complexity, atlassian CWE-79, 5.4 |