Vulnerabilities > Atlassian > Jira > 4.4.5

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2016-4319 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
network
atlassian CWE-352
6.8
6.8
2017-04-10 CVE-2016-4318 Cross-site Scripting vulnerability in Atlassian Jira
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
network
atlassian CWE-79
3.5
3.5
2017-01-31 CVE-2016-6285 Cross-site Scripting vulnerability in Atlassian Jira
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
network
atlassian CWE-79
4.3
4.3
2014-03-09 CVE-2014-2314 Path Traversal vulnerability in Atlassian Jira
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. 		4.3
4.3
2014-03-09 CVE-2014-2313 Path Traversal vulnerability in Atlassian Jira
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. 		4.3
4.3
2013-08-20 CVE-2013-5319 Cross-Site Scripting vulnerability in Atlassian Jira
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.
network
atlassian CWE-79
4.3
4.3
2012-05-22 CVE-2012-2928 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
network
low complexity
atlassian gliffy CWE-264
6.4
6.4
2012-05-22 CVE-2012-2926 Unspecified vulnerability in Atlassian products
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
network
low complexity
atlassian
6.4
6.4