CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-13400
https://notcve.org/view.php?id=CVE-2018-13400
23 Oct 2018 — Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass ... • http://www.securityfocus.com/bid/105751 • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-13391
https://notcve.org/view.php?id=CVE-2018-13391
28 Aug 2018 — The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden. El componente ProfileLinkUserF... • http://www.securityfocus.com/bid/105165 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-13395
https://notcve.org/view.php?id=CVE-2018-13395
28 Aug 2018 — Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved. Varios recursos en Atlassian Jira en versiones anteriores a la 7.6.8, desde la versión... • https://jira.atlassian.com/browse/JRASERVER-67848 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2017-18104
https://notcve.org/view.php?id=CVE-2017-18104
24 Jul 2018 — The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query. El componente Webhooks en Atlassian Jira, en versiones anteriores a la 7.6.7 y desde la versión 7.7.0 hasta la 7.11.0, permite que atacantes remotos que puedan observar o int... • https://jira.atlassian.com/browse/JRASERVER-59980 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5232
https://notcve.org/view.php?id=CVE-2018-5232
18 Jul 2018 — The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter. El recurso EditIssue.jspa en Atlassian Jira antes de la versión 7.6.7 y desde la versión 7.7.0 hasta la 7.10.1 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el parámetro issuetype. • https://jira.atlassian.com/browse/JRASERVER-67410 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13387
https://notcve.org/view.php?id=CVE-2018-13387
16 Jul 2018 — The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete. El recurso IncomingMailServers en Atlassian JIRA Server en versiones ante... • http://www.securityfocus.com/bid/104890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5231
https://notcve.org/view.php?id=CVE-2018-5231
16 May 2018 — The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it. El recurso ForgotLoginDetails en Atlassian Jira en versiones anteriores a la 7.6.6, desde la versión 7.7.0 hasta la 7.7.4, desde la versión 7.8.0 hasta la 7.8.4 y desde la versión 7.9.0 hasta la 7.9.2 permite que atacantes re... • http://www.securityfocus.com/bid/104205 •
CVSS: 6.1EPSS: 2%CPEs: 4EXPL: 0CVE-2018-5230
https://notcve.org/view.php?id=CVE-2018-5230
14 May 2018 — The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified. El recolector de incidencias en Atlassian Jira en versiones anteriores a la 7.6.6, desde la versión 7.7.0 hasta la 7.7.4, desde la 7.8.0 hasta ... • https://jira.atlassian.com/browse/JRASERVER-67289 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18100
https://notcve.org/view.php?id=CVE-2017-18100
10 Apr 2018 — The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters. El gadget agile wallboard en Atlassian Jira, en versiones anteriores a la 7.8.1, permite que atacantes remotos inyecten HTML o JavaScript arbitrarios mediante una vulnerabilidad de Cross-Site Scripting (XSS) en el nombre de los filtros rápidos. • http://www.securityfocus.com/bid/103729 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-18101
https://notcve.org/view.php?id=CVE-2017-18101
10 Apr 2018 — Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks. Varos recursos administrativos de importación de sistema externo en Atlassian JIRA Server (incluyendo JIRA Core), en versiones anteriores a la 7.6.5, d... • http://www.securityfocus.com/bid/103730 • CWE-284: Improper Access Control CWE-862: Missing Authorization •