CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4318
https://notcve.org/view.php?id=CVE-2016-4318
10 Apr 2017 — Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. Atlassian JIRA Server en versiones anteriores a 7.1.9 tiene XSS en project/ViewDefaultProjectRoleActors.jspa a través de un nombre de función. • http://www.securityfocus.com/bid/97516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4319
https://notcve.org/view.php?id=CVE-2016-4319
10 Apr 2017 — Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. Atlassian JIRA Server en versiones anteriores a 7.1.9 tiene CSRF en auditoría/ajustes. • http://www.securityfocus.com/bid/97517 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2016-6285 – Atlassian Jira 7.1.7 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-6285
17 Jan 2017 — Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. Vulnerabilidad XSS en includes/decorators/global-translations.jsp en Atlassian JIRA en versiones anteriores a 7.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del encabezado HTTP Host. Tempest Security Intelligence Advisory ADV-2/2016 - Atlassian Jira ver... • https://packetstorm.news/files/id/140548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2313
https://notcve.org/view.php?id=CVE-2014-2313
07 Mar 2014 — Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el plugin Importers en Atlassian JIRA anterior a 6.0.5 permite a atacantes remotos crear archivos arbitrarios a través de vectores no especificados. • https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 88%CPEs: 5EXPL: 4CVE-2014-2314 – JIRA Issues Collector - Directory Traversal
https://notcve.org/view.php?id=CVE-2014-2314
07 Mar 2014 — Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el plugin Issue Collector en Atlassian JIRA anterior a 6.0.4 permite a atacantes remotos crear archivos arbitrarios a través de vectores no especificados. • https://packetstorm.news/files/id/126022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 2CVE-2013-5319
https://notcve.org/view.php?id=CVE-2013-5319
20 Aug 2013 — Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. Vulnerabilidad XSS en secure/admin/user/views/deleteuserconfirm.jspen el panel de administración de Atlassian JIRA anterior a 6.0.5, permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través del parámetro "... • http://cxsecurity.com/issue/WLB-2013080065 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 46%CPEs: 17EXPL: 2CVE-2012-2926 – Atlassian Tempo 6.4.3 / JIRA 5.0.0 / Gliffy 3.7.0 - XML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2012-2926
22 May 2012 — Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vecto... • https://packetstorm.news/files/id/181107 •
CVSS: 9.1EPSS: 1%CPEs: 29EXPL: 0CVE-2012-2928
https://notcve.org/view.php?id=CVE-2012-2928
22 May 2012 — The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. El complemento Gliffy para Atlassian JIRA v3.7.1, y en version anteriores ala v4.2 para Atlassian Confluence, no restringe correctamente las capacidades de los analizadores XML de tercer nivel, lo que permite leer fic... • http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 2%CPEs: 14EXPL: 0CVE-2010-1165
https://notcve.org/view.php?id=CVE-2010-1165
20 Apr 2010 — Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010. Atlassian JIRA v3.12 hasta v4.1 permite a administradores autenticados remotamente ejecutar código de su elección modificando(1) adjuntos (como attachments), (2) índice (como indexing), o (3) ruta de guardado y luego subir un fichero, se explota ac... • http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2010-1164
https://notcve.org/view.php?id=CVE-2010-1164
20 Apr 2010 — Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to... • http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •