Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-5232 Cross-site Scripting vulnerability in Atlassian Jira
The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.
network
low complexity
atlassian CWE-79
6.1
2018-07-18 CVE-2017-18103 Improper Input Validation vulnerability in Atlassian Http Library
The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.
network
low complexity
atlassian CWE-20
4.7
2018-07-16 CVE-2018-5229 Cross-site Scripting vulnerability in Atlassian Universal Plugin Manager
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.
network
low complexity
atlassian CWE-79
5.4
2018-07-16 CVE-2018-13387 Cross-site Scripting vulnerability in Atlassian Jira
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete.
network
low complexity
atlassian CWE-79
6.1
2018-07-10 CVE-2018-13389 Improper Input Validation vulnerability in Atlassian Confluence
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.
network
low complexity
atlassian CWE-20
4.7
2018-07-10 CVE-2018-13388 Cross-site Scripting vulnerability in Atlassian Fisheye
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
network
low complexity
atlassian CWE-79
5.4
2018-07-09 CVE-2018-1000617 Improper Input Validation vulnerability in Atlassian Floodlight Controller
Atlassian Floodlight Controller version 1.2 and earlier versions contain a Denial of Service vulnerability in the Forwarding module: an improper type cast in the Forwarding module allows remote attackers to cause a DoS (thread crash).
network
low complexity
atlassian CWE-20
7.5
2018-06-28 CVE-2017-16859 Path Traversal vulnerability in Atlassian Crucible
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.
network
low complexity
atlassian CWE-22
6.5
2018-05-16 CVE-2018-5231 Unspecified vulnerability in Atlassian Jira
The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.
network
low complexity
atlassian
7.5
2018-05-14 CVE-2018-5230 Cross-site Scripting vulnerability in Atlassian Jira
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.
network
low complexity
atlassian CWE-79
6.1