Vulnerabilities > Atlassian > Low

DATE CVE VULNERABILITY TITLE RISK
2018-02-02 CVE-2017-18034 Cross-site Scripting vulnerability in Atlassian Crucible
The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.
network
atlassian CWE-79
3.5
3.5
2018-02-02 CVE-2017-18040 Cross-site Scripting vulnerability in Atlassian Bamboo
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
network
atlassian CWE-79
3.5
3.5
2018-02-02 CVE-2017-18041 Cross-site Scripting vulnerability in Atlassian Bamboo
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
network
atlassian CWE-79
3.5
3.5
2018-02-02 CVE-2017-18082 Cross-site Scripting vulnerability in Atlassian Bamboo
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.
network
atlassian CWE-79
3.5
3.5
2018-02-02 CVE-2017-18083 Cross-site Scripting vulnerability in Atlassian Confluence
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.
network
atlassian CWE-79
3.5
3.5
2018-02-02 CVE-2017-18084 Cross-site Scripting vulnerability in Atlassian Confluence
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.
network
atlassian CWE-79
3.5
3.5
2018-01-17 CVE-2017-16865 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF).
network
atlassian CWE-918
3.5
3.5
2017-10-11 CVE-2017-14587 Cross-site Scripting vulnerability in Atlassian Crucible
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.
network
atlassian CWE-79
3.5
3.5
2017-08-24 CVE-2017-9507 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.
network
atlassian CWE-79
3.5
3.5
2017-08-24 CVE-2017-9508 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
network
atlassian CWE-79
3.5
3.5