Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2018-07-24 CVE-2017-18104 Information Exposure vulnerability in Atlassian Jira
The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.
network
high complexity
atlassian CWE-200
5.9
2018-07-18 CVE-2018-5232 Cross-site Scripting vulnerability in Atlassian Jira
The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.
network
low complexity
atlassian CWE-79
6.1
2018-07-18 CVE-2017-18103 Improper Input Validation vulnerability in Atlassian Http Library
The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.
network
low complexity
atlassian CWE-20
4.7
2018-07-16 CVE-2018-5229 Cross-site Scripting vulnerability in Atlassian Universal Plugin Manager
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.
network
low complexity
atlassian CWE-79
5.4
2018-07-16 CVE-2018-13387 Cross-site Scripting vulnerability in Atlassian Jira
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete.
network
low complexity
atlassian CWE-79
6.1
2018-07-10 CVE-2018-13389 Improper Input Validation vulnerability in Atlassian Confluence
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.
network
low complexity
atlassian CWE-20
4.7
2018-07-10 CVE-2018-13388 Cross-site Scripting vulnerability in Atlassian Fisheye
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
network
low complexity
atlassian CWE-79
5.4
2018-07-09 CVE-2018-1000617 Improper Input Validation vulnerability in Atlassian Floodlight Controller
Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash)..
network
low complexity
atlassian CWE-20
7.5
2018-06-28 CVE-2017-16859 Path Traversal vulnerability in Atlassian Crucible
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.
network
low complexity
atlassian CWE-22
6.5
2018-05-16 CVE-2018-5231 Unspecified vulnerability in Atlassian Jira
The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.
network
low complexity
atlassian
7.5