Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2018-02-16 CVE-2017-18089 Cross-site Scripting vulnerability in Atlassian Crucible 4.4.0/4.4.1/4.4.2
The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-02-15 CVE-2017-18088 Improper Input Validation vulnerability in Atlassian Bitbucket
Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.
network
low complexity
atlassian CWE-20
4.3
4.3
2018-02-15 CVE-2017-18087 Unspecified vulnerability in Atlassian Bitbucket
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.
network
high complexity
atlassian
7.5
7.5
2018-02-02 CVE-2017-18086 Cross-site Scripting vulnerability in Atlassian Confluence
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-02-02 CVE-2017-18085 Cross-site Scripting vulnerability in Atlassian Confluence
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-02-02 CVE-2017-18084 Cross-site Scripting vulnerability in Atlassian Confluence
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.
network
low complexity
atlassian CWE-79
4.8
4.8
2018-02-02 CVE-2017-18083 Cross-site Scripting vulnerability in Atlassian Confluence
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-02-02 CVE-2017-18082 Cross-site Scripting vulnerability in Atlassian Bamboo
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-02-02 CVE-2017-18081 Cross-site Scripting vulnerability in Atlassian Bamboo
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-02-02 CVE-2017-18080 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
8.8
8.8