Vulnerabilities > Atlassian > Low

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-16	CVE-2018-5229	Cross-site Scripting vulnerability in Atlassian Universal Plugin Manager The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. network atlassian CWE-79	3.5
2018-07-10	CVE-2018-13388	Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. network atlassian CWE-79	3.5
2018-04-17	CVE-2017-18102	Cross-site Scripting vulnerability in Atlassian Jira Server The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup. network atlassian CWE-79	3.5
2018-04-10	CVE-2018-5227	Cross-site Scripting vulnerability in Atlassian Application Links Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link. network atlassian CWE-79	3.5
2018-04-06	CVE-2017-18097	Cross-site Scripting vulnerability in Atlassian Jira The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. network atlassian CWE-79	3.5
2018-03-22	CVE-2017-18094	Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository. network atlassian CWE-79	3.5
2018-02-19	CVE-2017-18092	Cross-site Scripting vulnerability in Atlassian Crucible The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet. network atlassian CWE-79	3.5
2018-02-19	CVE-2017-18093	Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository. network atlassian CWE-79	3.5
2018-02-16	CVE-2017-18089	Cross-site Scripting vulnerability in Atlassian Crucible 4.4.0/4.4.1/4.4.2 The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review. network atlassian CWE-79	3.5
2018-02-16	CVE-2017-18091	Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup. network atlassian CWE-79	3.5