Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2018-05-14 CVE-2017-16860 Cross-site Scripting vulnerability in Atlassian Application Links
The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-04-25 CVE-2018-5226 Unspecified vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted.
network
low complexity
atlassian
8.8
8.8
2018-04-24 CVE-2018-5228 Cross-site Scripting vulnerability in Atlassian Fisheye
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-04-17 CVE-2017-18102 Cross-site Scripting vulnerability in Atlassian Jira Server
The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-04-10 CVE-2018-5227 Cross-site Scripting vulnerability in Atlassian Application Links
Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.
network
low complexity
atlassian CWE-79
4.8
4.8
2018-04-10 CVE-2017-18101 Missing Authorization vulnerability in Atlassian Jira
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
network
low complexity
atlassian CWE-862
6.5
6.5
2018-04-10 CVE-2017-18100 Cross-site Scripting vulnerability in Atlassian Jira
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-04-06 CVE-2017-18098 Cross-site Scripting vulnerability in Atlassian Jira
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-04-06 CVE-2017-18097 Cross-site Scripting vulnerability in Atlassian Jira
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-04-04 CVE-2017-18096 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Application Links
The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location.
network
low complexity
atlassian CWE-918
7.2
7.2