Vulnerabilities > Atlassian > Jira > 7.13.0

DATE CVE VULNERABILITY TITLE RISK
2019-05-22 CVE-2019-3402 Cross-site Scripting vulnerability in Atlassian Jira and Jira Server
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
network
atlassian CWE-79
4.3
4.3
2019-05-22 CVE-2019-3401 Incorrect Authorization vulnerability in Atlassian Jira and Jira Server
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
network
low complexity
atlassian CWE-863
5.0
5.0
2019-05-03 CVE-2018-20824 Cross-site Scripting vulnerability in Atlassian Jira
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.
network
atlassian CWE-79
4.3
4.3
2019-04-30 CVE-2019-3399 Missing Authorization vulnerability in Atlassian Jira
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.
network
low complexity
atlassian CWE-862
5.0
5.0