Vulnerabilities > Atlassian > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-24 | CVE-2017-9509 | Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. | 3.5 |
2017-08-24 | CVE-2017-9510 | Cross-site Scripting vulnerability in Atlassian Fisheye The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. | 3.5 |
2017-04-10 | CVE-2016-4317 | Cross-site Scripting vulnerability in Atlassian Confluence Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. | 3.5 |
2017-04-10 | CVE-2016-4318 | Cross-site Scripting vulnerability in Atlassian Jira Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | 3.5 |
2016-01-08 | CVE-2015-8481 | Information Exposure vulnerability in Atlassian Jira Core, Jira Server and Jira Service Desk Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference. | 3.5 |
2006-07-03 | CVE-2006-3338 | Cross-Site Scripting vulnerability in Atlassian Jira 3.6.2156 Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page. | 2.6 |