Filtered by vendor Atlassian
Subscribe
Total
439 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18094 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository. | |||||
| CVE-2017-18093 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository. | |||||
| CVE-2017-18092 | 1 Atlassian | 1 Crucible | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet. | |||||
| CVE-2017-18091 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup. | |||||
| CVE-2017-18090 | 1 Atlassian | 1 Fisheye | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author. | |||||
| CVE-2017-18089 | 1 Atlassian | 1 Crucible | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review. | |||||
| CVE-2017-18088 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection. | |||||
| CVE-2017-18087 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter. | |||||
| CVE-2017-18086 | 1 Atlassian | 1 Confluence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. | |||||
| CVE-2017-18085 | 1 Atlassian | 1 Confluence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. | |||||
| CVE-2017-18084 | 1 Atlassian | 1 Confluence | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | |||||
| CVE-2017-18083 | 1 Atlassian | 1 Confluence | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | |||||
| CVE-2017-18082 | 1 Atlassian | 1 Bamboo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | |||||
| CVE-2017-18081 | 1 Atlassian | 1 Bamboo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | |||||
| CVE-2017-18080 | 1 Atlassian | 1 Bamboo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2017-18042 | 1 Atlassian | 1 Bamboo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2017-18041 | 1 Atlassian | 1 Bamboo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | |||||
| CVE-2017-18040 | 1 Atlassian | 1 Bamboo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | |||||
| CVE-2017-18039 | 1 Atlassian | 1 Jira | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. | |||||
| CVE-2017-18038 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. | |||||