Atlassian Vulnerabilities

399 results
CVE-2021-43956: The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or Java [EPSS 0.7%]
CVE-2017-16865: The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a [EPSS 0.7%]
CVE-2021-41310: Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cro [EPSS 0.7%]
CVE-2019-8447: The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site r [EPSS 0.7%]
CVE-2017-18097: The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to i [EPSS 0.7%]
CVE-2017-18092: The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers [EPSS 0.7%]
CVE-2017-18042: The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passw [EPSS 0.7%]
CVE-2017-9513: Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any C [EPSS 0.7%]
CVE-2017-18089: The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers [EPSS 0.7%]
CVE-2021-26074 (MEDIUM): Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Ja [EPSS 0.7%]
CVE-2019-20411: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forg [EPSS 0.7%]
CVE-2019-11586: The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before versio [EPSS 0.6%]
CVE-2017-16862: The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist sett [EPSS 0.6%]
CVE-2021-39117: The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary [EPSS 0.6%]
CVE-2018-5227: Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administra [EPSS 0.6%]
CVE-2020-4013: The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript vi [EPSS 0.6%]
CVE-2019-20415: Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site [EPSS 0.6%]
CVE-2017-18040: The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaS [EPSS 0.6%]
CVE-2017-18041: The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML [EPSS 0.6%]
CVE-2017-18094: Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with [EPSS 0.6%]