Vulnerabilities > Atlassian > Jira > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-08-23 | CVE-2019-11585 | Open Redirect vulnerability in Atlassian Jira | The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | 6.1 |
2019-08-23 | CVE-2019-11584 | Cross-site Scripting vulnerability in Atlassian Jira | The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority. | 6.1 |
2019-08-09 | CVE-2018-20827 | Cross-site Scripting vulnerability in Atlassian Jira | The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter. | 5.4 |
2019-08-09 | CVE-2018-20826 | Incorrect Authorization vulnerability in Atlassian Jira | The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. | 4.3 |
2019-06-26 | CVE-2019-11583 | Unspecified vulnerability in Atlassian Jira | The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name". | 6.5 |
2019-05-22 | CVE-2019-3403 | Incorrect Authorization vulnerability in Atlassian Jira | The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 |
2019-05-22 | CVE-2019-3402 | Cross-site Scripting vulnerability in Atlassian Jira | The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | 6.1 |
2019-05-22 | CVE-2019-3401 | Incorrect Authorization vulnerability in Atlassian Jira | The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 |
2019-05-03 | CVE-2018-20824 | Cross-site Scripting vulnerability in Atlassian Jira | The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter. | 6.1 |
2019-02-13 | CVE-2018-20232 | Cross-site Scripting vulnerability in Atlassian Jira | The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting. | 5.4 |