Vulnerabilities > Atlassian > Jira > 7.6.1

DATE CVE VULNERABILITY TITLE RISK
2018-05-14 CVE-2018-5230 Cross-site Scripting vulnerability in Atlassian Jira
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.
network
atlassian CWE-79
4.3
4.3
2018-04-10 CVE-2017-18101 Missing Authorization vulnerability in Atlassian Jira and Jira Server
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
network
low complexity
atlassian CWE-862
6.4
6.4
2018-04-10 CVE-2017-18100 Cross-site Scripting vulnerability in Atlassian Jira
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.
network
atlassian CWE-79
4.3
4.3
2018-01-12 CVE-2017-16862 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.
network
atlassian CWE-352
4.3
4.3