Vulnerabilities > Atlassian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-15 | CVE-2017-18088 | Improper Input Validation vulnerability in Atlassian Bitbucket Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection. | 4.3 |
| 2018-02-02 | CVE-2017-18086 | Cross-site Scripting vulnerability in Atlassian Confluence Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. | 6.1 |
| 2018-02-02 | CVE-2017-18085 | Cross-site Scripting vulnerability in Atlassian Confluence The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. | 6.1 |
| 2018-02-02 | CVE-2017-18084 | Cross-site Scripting vulnerability in Atlassian Confluence The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | 4.8 |
| 2018-02-02 | CVE-2017-18083 | Cross-site Scripting vulnerability in Atlassian Confluence The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | 5.4 |
| 2018-02-02 | CVE-2017-18082 | Cross-site Scripting vulnerability in Atlassian Bamboo The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | 5.4 |
| 2018-02-02 | CVE-2017-18081 | Cross-site Scripting vulnerability in Atlassian Bamboo The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | 6.1 |
| 2018-02-02 | CVE-2017-18041 | Cross-site Scripting vulnerability in Atlassian Bamboo The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 5.4 |
| 2018-02-02 | CVE-2017-18040 | Cross-site Scripting vulnerability in Atlassian Bamboo The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 5.4 |
| 2018-02-02 | CVE-2017-18039 | Cross-site Scripting vulnerability in Atlassian Jira The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. | 6.1 |