Vulnerabilities > Atlassian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-02 | CVE-2017-18085 | Cross-site Scripting vulnerability in Atlassian Confluence The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. | 6.1 |
| 2018-02-02 | CVE-2017-18084 | Cross-site Scripting vulnerability in Atlassian Confluence The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | 4.8 |
| 2018-02-02 | CVE-2017-18083 | Cross-site Scripting vulnerability in Atlassian Confluence The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | 5.4 |
| 2018-02-02 | CVE-2017-18082 | Cross-site Scripting vulnerability in Atlassian Bamboo The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | 5.4 |
| 2018-02-02 | CVE-2017-18081 | Cross-site Scripting vulnerability in Atlassian Bamboo The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | 6.1 |
| 2018-02-02 | CVE-2017-18080 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | 8.8 |
| 2018-02-02 | CVE-2017-18042 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | 8.8 |
| 2018-02-02 | CVE-2017-18041 | Cross-site Scripting vulnerability in Atlassian Bamboo The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 5.4 |
| 2018-02-02 | CVE-2017-18040 | Cross-site Scripting vulnerability in Atlassian Bamboo The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 5.4 |
| 2018-02-02 | CVE-2017-18039 | Cross-site Scripting vulnerability in Atlassian Jira The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. | 6.1 |