Vulnerabilities > Atlassian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-10 | CVE-2018-13388 | Cross-site Scripting vulnerability in Atlassian Fisheye The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. | 5.4 |
| 2018-06-28 | CVE-2017-16859 | Path Traversal vulnerability in Atlassian Crucible The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter. | 6.5 |
| 2018-05-14 | CVE-2018-5230 | Cross-site Scripting vulnerability in Atlassian Jira The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified. | 6.1 |
| 2018-05-14 | CVE-2017-16860 | Cross-site Scripting vulnerability in Atlassian Application Links The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message. | 6.1 |
| 2018-04-24 | CVE-2018-5228 | Cross-site Scripting vulnerability in Atlassian Fisheye The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers. | 6.1 |
| 2018-04-17 | CVE-2017-18102 | Cross-site Scripting vulnerability in Atlassian Jira Server The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup. | 5.4 |
| 2018-04-10 | CVE-2018-5227 | Cross-site Scripting vulnerability in Atlassian Application Links Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link. | 4.8 |
| 2018-04-10 | CVE-2017-18101 | Missing Authorization vulnerability in Atlassian Jira Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks. | 6.5 |
| 2018-04-10 | CVE-2017-18100 | Cross-site Scripting vulnerability in Atlassian Jira The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters. | 6.1 |
| 2018-04-06 | CVE-2017-18098 | Cross-site Scripting vulnerability in Atlassian Jira The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields. | 6.1 |