Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2016-4317 Cross-site Scripting vulnerability in Atlassian Confluence
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
network
atlassian CWE-79
3.5
2017-01-31 CVE-2016-6285 Cross-site Scripting vulnerability in Atlassian Jira
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
network
atlassian CWE-79
4.3
2017-01-23 CVE-2016-6668 Information Exposure vulnerability in Atlassian Confluence Server and Jira Integration for Hipchat
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.
network
low complexity
atlassian CWE-200
5.0
2017-01-18 CVE-2016-6283 Cross-site Scripting vulnerability in Atlassian Confluence
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
network
atlassian CWE-79
4.3
2016-12-09 CVE-2016-6496 Improper Input Validation vulnerability in Atlassian Crowd
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.
network
low complexity
atlassian CWE-20
7.5
2016-08-02 CVE-2016-5229 Improper Access Control vulnerability in Atlassian Bamboo
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.
network
low complexity
atlassian CWE-284
7.5
2016-04-11 CVE-2015-8399 Information Exposure vulnerability in Atlassian Confluence
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
network
low complexity
atlassian CWE-200
4.0
2016-04-11 CVE-2015-8398 Cross-site Scripting vulnerability in Atlassian Confluence
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.
network
atlassian CWE-79
4.3
2016-02-08 CVE-2015-8361 Improper Access Control vulnerability in Atlassian Bamboo
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.
network
low complexity
atlassian CWE-284
6.4
2016-02-08 CVE-2015-8360 Improper Input Validation vulnerability in Atlassian Bamboo
An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.
network
low complexity
atlassian CWE-20
7.5