Page 25 of 126 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. El recurso IncomingMailServers en Atlassian Jira, en versiones anteriores a la 7.6.2, permite que atacantes remotos modifiquen la configuración de lista blanca "incoming mail" mediante una vulnerabilidad de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/102506 https://jira.atlassian.com/browse/JRASERVER-66622 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 2%CPEs: 66EXPL: 0

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. El complemento de JIRA Workflow Designer en Atlassian JIRA Server en versiones anteriores a 6.3.0 utiliza incorrectamente un analizador y deserializador XML, que permite a atacantes remotos ejecutar código arbitrario, leer archivos arbitrarios o provocar una denegación de servicio a través de un objeto Java serializado. • http://codewhitesec.blogspot.com/2017/04/amf.html http://www.securityfocus.com/bid/97379 https://confluence.atlassian.com/jira063/jira-security-advisory-2017-03-09-875604401.html https://jira.atlassian.com/browse/JRASERVER-64077 https://www.kb.cert.org/vuls/id/307983 • CWE-502: Deserialization of Untrusted Data •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. Atlassian JIRA Server en versiones anteriores a 7.1.9 tiene XSS en project/ViewDefaultProjectRoleActors.jspa a través de un nombre de función. • http://www.securityfocus.com/bid/97516 https://confluence.atlassian.com/jiracore/jira-core-7-1-x-release-notes-802161668.html#JIRACore7.1.xreleasenotes-v7.1.9v7.1.9-06July2016 https://jira.atlassian.com/browse/JRA-61861 https://jira.atlassian.com/browse/JRASERVER-61861 https://jira.atlassian.com/secure/ReleaseNote.jspa?projectId=10240&version=62034 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. Atlassian JIRA Server en versiones anteriores a 7.1.9 tiene CSRF en auditoría/ajustes. • http://www.securityfocus.com/bid/97517 https://confluence.atlassian.com/jiracore/jira-core-7-1-x-release-notes-802161668.html#JIRACore7.1.xreleasenotes-v7.1.9v7.1.9-06July2016 https://jira.atlassian.com/browse/JRA-61803 https://jira.atlassian.com/browse/JRASERVER-61803 https://jira.atlassian.com/secure/ReleaseNote.jspa?projectId=10240&version=62034 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. Vulnerabilidad XSS en includes/decorators/global-translations.jsp en Atlassian JIRA en versiones anteriores a 7.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del encabezado HTTP Host. • http://packetstormsecurity.com/files/140548/Atlassian-Jira-7.1.7-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2017/Jan/41 http://www.securityfocus.com/bid/95913 https://confluence.atlassian.com/adminjira/jira-platform-releases/jira-7-2-x-platform-release-notes#JIRA7.2.xplatformreleasenotes-7-2-2 https://jira.atlassian.com/browse/JRA-61888?src=confmacro&_ga=1.139403892.63283854.1485351777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •