Atlassian

Jira

142 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2018-5231

  • EPSS 0.98%
  • Veröffentlicht 16.05.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 04:08:23

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of servic...

6.1

CVE-2018-5230

  • EPSS 24.98%
  • Veröffentlicht 14.05.2018 13:29:03
  • Zuletzt bearbeitet 21.11.2024 04:08:23

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript vi...

6.1

CVE-2017-18100

  • EPSS 0.17%
  • Veröffentlicht 10.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:19:21

The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.

6.5

CVE-2017-18101

  • EPSS 0.38%
  • Veröffentlicht 10.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:19:21

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attack...

5.4

CVE-2017-18097

  • EPSS 0.18%
  • Veröffentlicht 06.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:19:21

The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability...

6.1

CVE-2017-18098

  • EPSS 0.23%
  • Veröffentlicht 06.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:19:21

The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.

6.1

CVE-2017-18039

  • EPSS 0.2%
  • Veröffentlicht 02.02.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:19:13

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

6.1

CVE-2017-16863

  • EPSS 0.2%
  • Veröffentlicht 18.01.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:17:07

The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter.

6.5

CVE-2017-18033

  • EPSS 0.08%
  • Veröffentlicht 18.01.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:19:12

The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.

5.3

CVE-2017-16865

  • EPSS 0.14%
  • Veröffentlicht 17.01.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:17:07

The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to a...