CVE-2017-18098
https://notcve.org/view.php?id=CVE-2017-18098
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through various fields.
• http://www.securityfocus.com/bid/103765 https://jira.atlassian.com/browse/JRASERVER-67075
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18039
https://notcve.org/view.php?id=CVE-2017-18039
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the messagesThreshold parameter.
• http://www.securityfocus.com/bid/103086 https://jira.atlassian.com/browse/JRASERVER-66719
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-16863
https://notcve.org/view.php?id=CVE-2017-16863
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the name of a project or filter.
• http://www.securityfocus.com/bid/102732 https://jira.atlassian.com/browse/JRASERVER-66623
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18033
https://notcve.org/view.php?id=CVE-2017-18033
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various cross-site request forgery (CSRF) vulnerabilities.
• http://www.securityfocus.com/bid/102744 https://jira.atlassian.com/browse/JRASERVER-66643
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-16865
https://notcve.org/view.php?id=CVE-2017-16865
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information.
• https://jira.atlassian.com/browse/JRASERVER-66642
• CWE-918: Server-Side Request Forgery (SSRF)