Vulnerabilities > Atlassian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-14 | CVE-2018-5230 | Cross-site Scripting vulnerability in Atlassian Jira The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified. | 4.3 |
| 2018-05-14 | CVE-2017-16860 | Cross-site Scripting vulnerability in Atlassian Application Links The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message. | 4.3 |
| 2018-04-25 | CVE-2018-5226 | Unspecified vulnerability in Atlassian Sourcetree There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. | 6.5 |
| 2018-04-24 | CVE-2018-5228 | Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers. | 4.3 |
| 2018-04-17 | CVE-2017-18102 | Cross-site Scripting vulnerability in Atlassian Jira Server The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup. | 3.5 |
| 2018-04-10 | CVE-2018-5227 | Cross-site Scripting vulnerability in Atlassian Application Links Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link. | 3.5 |
| 2018-04-10 | CVE-2017-18101 | Missing Authorization vulnerability in Atlassian Jira and Jira Server Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks. | 6.4 |
| 2018-04-10 | CVE-2017-18100 | Cross-site Scripting vulnerability in Atlassian Jira The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters. | 4.3 |
| 2018-04-06 | CVE-2017-18098 | Cross-site Scripting vulnerability in Atlassian Jira The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields. | 4.3 |
| 2018-04-06 | CVE-2017-18097 | Cross-site Scripting vulnerability in Atlassian Jira The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. | 3.5 |