Vulnerabilities > Atlassian > Jira
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-17 | CVE-2017-16865 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). | 3.5 |
| 2018-01-12 | CVE-2017-16864 | Cross-site Scripting vulnerability in Atlassian Jira The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. | 4.3 |
| 2018-01-12 | CVE-2017-16862 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. | 4.3 |
| 2018-01-12 | CVE-2017-14594 | Cross-site Scripting vulnerability in Atlassian Jira and Jira Server The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. | 4.3 |
| 2017-04-10 | CVE-2017-5983 | Deserialization of Untrusted Data vulnerability in Atlassian Jira The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. | 7.5 |
| 2017-04-10 | CVE-2016-4319 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | 6.8 |
| 2017-04-10 | CVE-2016-4318 | Cross-site Scripting vulnerability in Atlassian Jira Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | 3.5 |
| 2017-01-31 | CVE-2016-6285 | Cross-site Scripting vulnerability in Atlassian Jira Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | 4.3 |
| 2014-03-09 | CVE-2014-2314 | Path Traversal vulnerability in Atlassian Jira Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. | 4.3 |
| 2014-03-09 | CVE-2014-2313 | Path Traversal vulnerability in Atlassian Jira Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. | 4.3 |