Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-01	CVE-2020-4014	Unspecified vulnerability in Atlassian Crucible The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability. network low complexity atlassian	4.3
2020-06-01	CVE-2020-4013	Cross-site Scripting vulnerability in Atlassian Crucible The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. network low complexity atlassian CWE-79	5.4
2019-12-11	CVE-2019-15009	Unspecified vulnerability in Atlassian Crucible The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. network low complexity atlassian	4.3
2019-12-11	CVE-2019-15008	Cross-site Scripting vulnerability in Atlassian Crucible The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter. network low complexity atlassian CWE-79	6.1
2019-12-11	CVE-2019-15007	Cross-site Scripting vulnerability in Atlassian Crucible The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. network low complexity atlassian CWE-79	4.8
2019-11-08	CVE-2019-15005	Missing Authorization vulnerability in Atlassian products The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. network low complexity atlassian CWE-862	4.3
2019-04-30	CVE-2018-20239	Cross-site Scripting vulnerability in Atlassian products Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. network low complexity atlassian CWE-79	5.4
2019-02-20	CVE-2018-20241	Cross-site Scripting vulnerability in Atlassian Fisheye The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter. network low complexity atlassian CWE-79	5.4
2019-02-20	CVE-2018-20240	Cross-site Scripting vulnerability in Atlassian Fisheye The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. network low complexity atlassian CWE-79	4.8
2018-09-18	CVE-2018-13398	Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Fisheye The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability. network low complexity atlassian CWE-352	6.5