Vulnerabilities > Atlassian > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-11 | CVE-2019-15007 | Cross-site Scripting vulnerability in Atlassian Crucible The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. | 3.5 |
2019-09-11 | CVE-2019-8450 | Cross-site Scripting vulnerability in Atlassian Jira Server Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field. | 3.5 |
2019-08-23 | CVE-2019-8444 | Cross-site Scripting vulnerability in Atlassian Jira Server The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification. | 3.5 |
2019-08-09 | CVE-2018-20827 | Cross-site Scripting vulnerability in Atlassian Jira The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter. | 3.5 |
2019-04-30 | CVE-2018-20239 | Cross-site Scripting vulnerability in Atlassian products Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. | 3.5 |
2019-02-20 | CVE-2018-20240 | Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. | 3.5 |
2019-02-20 | CVE-2018-20241 | Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter. | 3.5 |
2019-02-13 | CVE-2018-13403 | Cross-site Scripting vulnerability in Atlassian Jira and Jira Server The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard. | 3.5 |
2019-02-13 | CVE-2018-20232 | Cross-site Scripting vulnerability in Atlassian Jira and Jira Server The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting. | 3.5 |
2019-01-09 | CVE-2018-1000423 | Insufficiently Protected Credentials vulnerability in Atlassian Crowd2 An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. | 2.1 |