Vulnerabilities > Atlassian > Jira > 7.6.3

DATE CVE VULNERABILITY TITLE RISK
2018-05-14 CVE-2018-5230 Cross-site Scripting vulnerability in Atlassian Jira
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-04-10 CVE-2017-18101 Missing Authorization vulnerability in Atlassian Jira
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
network
low complexity
atlassian CWE-862
6.5
6.5
2018-04-10 CVE-2017-18100 Cross-site Scripting vulnerability in Atlassian Jira
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.
network
low complexity
atlassian CWE-79
6.1
6.1