Vulnerabilities > Atlassian > Jira Server > 8.0.4

DATE CVE VULNERABILITY TITLE RISK
2019-08-23 CVE-2019-11585 Open Redirect vulnerability in Atlassian Jira
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
network
low complexity
atlassian CWE-601
6.1
6.1
2019-08-13 CVE-2019-8448 Unspecified vulnerability in Atlassian Jira Server
The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
network
low complexity
atlassian
5.3
5.3
2019-05-22 CVE-2019-3402 Cross-site Scripting vulnerability in Atlassian Jira
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
network
low complexity
atlassian CWE-79
6.1
6.1
2019-05-22 CVE-2019-3401 Incorrect Authorization vulnerability in Atlassian Jira
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
network
low complexity
atlassian CWE-863
5.3
5.3
2019-04-30 CVE-2018-20239 Cross-site Scripting vulnerability in Atlassian products
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-04-17 CVE-2017-18102 Cross-site Scripting vulnerability in Atlassian Jira Server
The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup.
network
low complexity
atlassian CWE-79
5.4
5.4