Vulnerabilities > Atlassian > Crucible > Low

DATE CVE VULNERABILITY TITLE RISK
2020-06-01 CVE-2020-4013 Cross-site Scripting vulnerability in Atlassian Crucible
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.
network
atlassian CWE-79
3.5
3.5
2019-12-11 CVE-2019-15007 Cross-site Scripting vulnerability in Atlassian Crucible
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.
network
atlassian CWE-79
3.5
3.5
2019-04-30 CVE-2018-20239 Cross-site Scripting vulnerability in Atlassian products
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter.
network
atlassian CWE-79
3.5
3.5
2019-02-20 CVE-2018-20240 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
network
atlassian CWE-79
3.5
3.5
2019-02-20 CVE-2018-20241 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
network
atlassian CWE-79
3.5
3.5
2018-07-10 CVE-2018-13388 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
network
atlassian CWE-79
3.5
3.5
2018-03-22 CVE-2017-18094 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository.
network
atlassian CWE-79
3.5
3.5
2018-02-19 CVE-2017-18092 Cross-site Scripting vulnerability in Atlassian Crucible
The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.
network
atlassian CWE-79
3.5
3.5
2018-02-19 CVE-2017-18093 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.
network
atlassian CWE-79
3.5
3.5
2018-02-16 CVE-2017-18089 Cross-site Scripting vulnerability in Atlassian Crucible 4.4.0/4.4.1/4.4.2
The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.
network
atlassian CWE-79
3.5
3.5