CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13387
https://notcve.org/view.php?id=CVE-2018-13387
16 Jul 2018 — The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete. El recurso IncomingMailServers en Atlassian JIRA Server en versiones ante... • http://www.securityfocus.com/bid/104890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5231
https://notcve.org/view.php?id=CVE-2018-5231
16 May 2018 — The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it. El recurso ForgotLoginDetails en Atlassian Jira en versiones anteriores a la 7.6.6, desde la versión 7.7.0 hasta la 7.7.4, desde la versión 7.8.0 hasta la 7.8.4 y desde la versión 7.9.0 hasta la 7.9.2 permite que atacantes re... • http://www.securityfocus.com/bid/104205 •
CVSS: 6.1EPSS: 48%CPEs: 4EXPL: 0CVE-2018-5230
https://notcve.org/view.php?id=CVE-2018-5230
14 May 2018 — The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified. El recolector de incidencias en Atlassian Jira en versiones anteriores a la 7.6.6, desde la versión 7.7.0 hasta la 7.7.4, desde la 7.8.0 hasta ... • https://jira.atlassian.com/browse/JRASERVER-67289 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-18101
https://notcve.org/view.php?id=CVE-2017-18101
10 Apr 2018 — Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks. Varos recursos administrativos de importación de sistema externo en Atlassian JIRA Server (incluyendo JIRA Core), en versiones anteriores a la 7.6.5, d... • http://www.securityfocus.com/bid/103730 • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18100
https://notcve.org/view.php?id=CVE-2017-18100
10 Apr 2018 — The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters. El gadget agile wallboard en Atlassian Jira, en versiones anteriores a la 7.8.1, permite que atacantes remotos inyecten HTML o JavaScript arbitrarios mediante una vulnerabilidad de Cross-Site Scripting (XSS) en el nombre de los filtros rápidos. • http://www.securityfocus.com/bid/103729 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18097
https://notcve.org/view.php?id=CVE-2017-18097
06 Apr 2018 — The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. El recurso de importación de tableros de Trello en Atlassian Jira, en versiones anteriores a la 7.6.1, permite que atacantes remotos que puedan convencer a un administrador de Jira para que importe su tablero de Trello inyecten HT... • http://www.securityfocus.com/bid/103764 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18098
https://notcve.org/view.php?id=CVE-2017-18098
06 Apr 2018 — The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields. El recurso searchrequest-xml en Atlassian Jira, en versiones anteriores a la 7.6.1, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) a través de varios campos. • http://www.securityfocus.com/bid/103765 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18039
https://notcve.org/view.php?id=CVE-2017-18039
02 Feb 2018 — The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. El recurso IncomingMailServers en Atlassian Jira desde la versión 6.2.1 hasta antes de la versión 7.4.4 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad cross-Site Scripting (XSS) en el parámetro messagesThreshold. • http://www.securityfocus.com/bid/103086 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16863
https://notcve.org/view.php?id=CVE-2017-16863
18 Jan 2018 — The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter. El gadget PieChart en Atlassian Jira en versiones anteriores a la 7.5.3 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) mediante el nombre de un proyecto o filtro. • http://www.securityfocus.com/bid/102732 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18033
https://notcve.org/view.php?id=CVE-2017-18033
18 Jan 2018 — The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. Jira-importers-plugin en Atlassian Jira en versiones anteriores a la 7.6.1 permite que atacantes remotos creen nuevos proyectos y anulen la importación de un sistema externo en ejecución mediante varias vulnerabilidades de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/102744 • CWE-352: Cross-Site Request Forgery (CSRF) •