CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18097
https://notcve.org/view.php?id=CVE-2017-18097
06 Apr 2018 — The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. El recurso de importación de tableros de Trello en Atlassian Jira, en versiones anteriores a la 7.6.1, permite que atacantes remotos que puedan convencer a un administrador de Jira para que importe su tablero de Trello inyecten HT... • http://www.securityfocus.com/bid/103764 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18098
https://notcve.org/view.php?id=CVE-2017-18098
06 Apr 2018 — The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields. El recurso searchrequest-xml en Atlassian Jira, en versiones anteriores a la 7.6.1, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) a través de varios campos. • http://www.securityfocus.com/bid/103765 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18039
https://notcve.org/view.php?id=CVE-2017-18039
02 Feb 2018 — The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. El recurso IncomingMailServers en Atlassian Jira desde la versión 6.2.1 hasta antes de la versión 7.4.4 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad cross-Site Scripting (XSS) en el parámetro messagesThreshold. • http://www.securityfocus.com/bid/103086 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16863
https://notcve.org/view.php?id=CVE-2017-16863
18 Jan 2018 — The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter. El gadget PieChart en Atlassian Jira en versiones anteriores a la 7.5.3 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) mediante el nombre de un proyecto o filtro. • http://www.securityfocus.com/bid/102732 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18033
https://notcve.org/view.php?id=CVE-2017-18033
18 Jan 2018 — The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. Jira-importers-plugin en Atlassian Jira en versiones anteriores a la 7.6.1 permite que atacantes remotos creen nuevos proyectos y anulen la importación de un sistema externo en ejecución mediante varias vulnerabilidades de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/102744 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16865
https://notcve.org/view.php?id=CVE-2017-16865
17 Jan 2018 — The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information. El importador Trello en Atlassian Jira, en versiones anteriores a la 7.6.1, permite que atacantes remotos accedan al contenido de recursos de red intern... • https://jira.atlassian.com/browse/JRASERVER-66642 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16862
https://notcve.org/view.php?id=CVE-2017-16862
12 Jan 2018 — The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. El recurso IncomingMailServers en Atlassian Jira, en versiones anteriores a la 7.6.2, permite que atacantes remotos modifiquen la configuración de lista blanca "incoming mail" mediante una vulnerabilidad de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/102506 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14594
https://notcve.org/view.php?id=CVE-2017-14594
12 Jan 2018 — The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. El recurso printable searchrequest issue en Atlassian Jira antes de la versión 7.2.12 y desde la versión 7.3.0 hasta la 7.6.1 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) e... • https://jira.atlassian.com/browse/JRASERVER-66495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16864
https://notcve.org/view.php?id=CVE-2017-16864
12 Jan 2018 — The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. El recurso issue search en Atlassian Jira, en versiones anteriores a la 7.4.2, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el parámetro orderby. • http://www.securityfocus.com/bid/102505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 66EXPL: 0CVE-2017-5983
https://notcve.org/view.php?id=CVE-2017-5983
10 Apr 2017 — The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. El complemento de JIRA Workflow Designer en Atlassian JIRA Server en versiones anteriores a 6.3.0 utiliza incorrectamente un analizador y deserializador XML, que permite a atacantes remotos ejecutar código arbitrario, leer archivos arbitrarios o ... • http://codewhitesec.blogspot.com/2017/04/amf.html • CWE-502: Deserialization of Untrusted Data •