Vulnerabilities > Atlassian > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2019-05-03 | CVE-2018-20824 | Cross-site Scripting vulnerability in Atlassian Jira | The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the cyclePeriod parameter. | network, low complexity, atlassian, CWE-79, 6.1 |
| 2019-04-30 | CVE-2018-20239 | Cross-site Scripting vulnerability in Atlassian products | Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the applinkStartingUrl parameter. | network, low complexity, atlassian, CWE-79, 5.4 |
| 2019-03-29 | CVE-2017-18110 | XXE vulnerability in Atlassian Crowd | The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via an XXE vulnerability. | network, low complexity, atlassian, CWE-611, 6.5 |
| 2019-03-29 | CVE-2017-18109 | Open Redirect vulnerability in Atlassian Crowd | The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | network, low complexity, atlassian, CWE-601, 6.1 |
| 2019-02-20 | CVE-2018-20241 | Cross-site Scripting vulnerability in Atlassian Fisheye | The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the wbuser parameter. | network, low complexity, atlassian, CWE-79, 5.4 |
| 2019-02-20 | CVE-2018-20240 | Cross-site Scripting vulnerability in Atlassian Fisheye | The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the href parameter. | network, low complexity, atlassian, CWE-79, 4.8 |
| 2019-02-13 | CVE-2018-20237 | Exposure of Resource to Wrong Sphere vulnerability in Atlassian Confluence Server | Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the Word export feature. | network, low complexity, atlassian, CWE-668, 6.5 |
| 2019-02-13 | CVE-2018-20232 | Cross-site Scripting vulnerability in Atlassian Jira | The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the rendering of retrieved content from a URL location that could be manipulated by the up_projectid widget preference setting. | network, low complexity, atlassian, CWE-79, 5.4 |
| 2019-02-13 | CVE-2018-13404 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira | The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts and open ports and in some cases obtain service information from internal network resources via a Server-Side Request Forgery (SSRF) vulnerability. | network, low complexity, atlassian, CWE-918, 4.1 |
| 2019-02-13 | CVE-2018-13403 | Cross-site Scripting vulnerability in Atlassian Jira | The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard. | network, low complexity, atlassian, CWE-79, 5.4 |