Vulnerabilities > Atlassian > Low

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2019-15007 Cross-site Scripting vulnerability in Atlassian Crucible
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.
network
atlassian CWE-79
3.5
3.5
2019-09-11 CVE-2019-8450 Cross-site Scripting vulnerability in Atlassian Jira Server
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.
network
atlassian CWE-79
3.5
3.5
2019-08-23 CVE-2019-8444 Cross-site Scripting vulnerability in Atlassian Jira Server
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.
network
atlassian CWE-79
3.5
3.5
2019-08-09 CVE-2018-20827 Cross-site Scripting vulnerability in Atlassian Jira
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.
network
atlassian CWE-79
3.5
3.5
2019-04-30 CVE-2018-20239 Cross-site Scripting vulnerability in Atlassian products
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter.
network
atlassian CWE-79
3.5
3.5
2019-02-20 CVE-2018-20240 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
network
atlassian CWE-79
3.5
3.5
2019-02-20 CVE-2018-20241 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
network
atlassian CWE-79
3.5
3.5
2019-02-13 CVE-2018-13403 Cross-site Scripting vulnerability in Atlassian Jira and Jira Server
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard.
network
atlassian CWE-79
3.5
3.5
2019-02-13 CVE-2018-20232 Cross-site Scripting vulnerability in Atlassian Jira and Jira Server
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.
network
atlassian CWE-79
3.5
3.5
2019-01-09 CVE-2018-1000423 Insufficiently Protected Credentials vulnerability in Atlassian Crowd2
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.
local
low complexity
atlassian CWE-522
2.1
2.1