Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-02-02 CVE-2017-18086 Cross-site Scripting vulnerability in Atlassian Confluence
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-02-02 CVE-2017-18085 Cross-site Scripting vulnerability in Atlassian Confluence
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-02-02 CVE-2017-18084 Cross-site Scripting vulnerability in Atlassian Confluence
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.
network
low complexity
atlassian CWE-79
4.8
4.8
2018-02-02 CVE-2017-18083 Cross-site Scripting vulnerability in Atlassian Confluence
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-02-02 CVE-2017-18082 Cross-site Scripting vulnerability in Atlassian Bamboo
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-02-02 CVE-2017-18081 Cross-site Scripting vulnerability in Atlassian Bamboo
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-02-02 CVE-2017-18041 Cross-site Scripting vulnerability in Atlassian Bamboo
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-02-02 CVE-2017-18040 Cross-site Scripting vulnerability in Atlassian Bamboo
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-02-02 CVE-2017-18039 Cross-site Scripting vulnerability in Atlassian Jira
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-02-02 CVE-2017-18034 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.
network
low complexity
atlassian CWE-79
5.4
5.4