CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16865
https://notcve.org/view.php?id=CVE-2017-16865
17 Jan 2018 — The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information. El importador Trello en Atlassian Jira, en versiones anteriores a la 7.6.1, permite que atacantes remotos accedan al contenido de recursos de red intern... • https://jira.atlassian.com/browse/JRASERVER-66642 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16862
https://notcve.org/view.php?id=CVE-2017-16862
12 Jan 2018 — The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. El recurso IncomingMailServers en Atlassian Jira, en versiones anteriores a la 7.6.2, permite que atacantes remotos modifiquen la configuración de lista blanca "incoming mail" mediante una vulnerabilidad de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/102506 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16864
https://notcve.org/view.php?id=CVE-2017-16864
12 Jan 2018 — The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. El recurso issue search en Atlassian Jira, en versiones anteriores a la 7.4.2, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el parámetro orderby. • http://www.securityfocus.com/bid/102505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14594
https://notcve.org/view.php?id=CVE-2017-14594
12 Jan 2018 — The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. El recurso printable searchrequest issue en Atlassian Jira antes de la versión 7.2.12 y desde la versión 7.3.0 hasta la 7.6.1 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) e... • https://jira.atlassian.com/browse/JRASERVER-66495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4319
https://notcve.org/view.php?id=CVE-2016-4319
10 Apr 2017 — Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. Atlassian JIRA Server en versiones anteriores a 7.1.9 tiene CSRF en auditoría/ajustes. • http://www.securityfocus.com/bid/97517 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4318
https://notcve.org/view.php?id=CVE-2016-4318
10 Apr 2017 — Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. Atlassian JIRA Server en versiones anteriores a 7.1.9 tiene XSS en project/ViewDefaultProjectRoleActors.jspa a través de un nombre de función. • http://www.securityfocus.com/bid/97516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2016-6285 – Atlassian Jira 7.1.7 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-6285
17 Jan 2017 — Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. Vulnerabilidad XSS en includes/decorators/global-translations.jsp en Atlassian JIRA en versiones anteriores a 7.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del encabezado HTTP Host. Tempest Security Intelligence Advisory ADV-2/2016 - Atlassian Jira ver... • https://packetstorm.news/files/id/140548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2313
https://notcve.org/view.php?id=CVE-2014-2313
07 Mar 2014 — Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el plugin Importers en Atlassian JIRA anterior a 6.0.5 permite a atacantes remotos crear archivos arbitrarios a través de vectores no especificados. • https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 66%CPEs: 5EXPL: 4CVE-2014-2314 – JIRA Issues Collector - Directory Traversal
https://notcve.org/view.php?id=CVE-2014-2314
07 Mar 2014 — Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el plugin Issue Collector en Atlassian JIRA anterior a 6.0.4 permite a atacantes remotos crear archivos arbitrarios a través de vectores no especificados. • https://packetstorm.news/files/id/126022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 2CVE-2013-5319
https://notcve.org/view.php?id=CVE-2013-5319
20 Aug 2013 — Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. Vulnerabilidad XSS en secure/admin/user/views/deleteuserconfirm.jspen el panel de administración de Atlassian JIRA anterior a 6.0.5, permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través del parámetro "... • http://cxsecurity.com/issue/WLB-2013080065 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •