CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18100
https://notcve.org/view.php?id=CVE-2017-18100
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters. El gadget agile wallboard en Atlassian Jira, en versiones anteriores a la 7.8.1, permite que atacantes remotos inyecten HTML o JavaScript arbitrarios mediante una vulnerabilidad de Cross-Site Scripting (XSS) en el nombre de los filtros rápidos. • http://www.securityfocus.com/bid/103729 https://jira.atlassian.com/browse/JRASERVER-67106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18097
https://notcve.org/view.php?id=CVE-2017-18097
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. El recurso de importación de tableros de Trello en Atlassian Jira, en versiones anteriores a la 7.6.1, permite que atacantes remotos que puedan convencer a un administrador de Jira para que importe su tablero de Trello inyecten HTML o JavaScript arbitrarios mediante una vulnerabilidad de Cross-Site Scripting (XSS) en el título de una tarjeta de Trello. • http://www.securityfocus.com/bid/103764 https://jira.atlassian.com/browse/JRASERVER-67076 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18098
https://notcve.org/view.php?id=CVE-2017-18098
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields. El recurso searchrequest-xml en Atlassian Jira, en versiones anteriores a la 7.6.1, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) a través de varios campos. • http://www.securityfocus.com/bid/103765 https://jira.atlassian.com/browse/JRASERVER-67075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18039
https://notcve.org/view.php?id=CVE-2017-18039
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. El recurso IncomingMailServers en Atlassian Jira desde la versión 6.2.1 hasta antes de la versión 7.4.4 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad cross-Site Scripting (XSS) en el parámetro messagesThreshold. • http://www.securityfocus.com/bid/103086 https://jira.atlassian.com/browse/JRASERVER-66719 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16863
https://notcve.org/view.php?id=CVE-2017-16863
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter. El gadget PieChart en Atlassian Jira en versiones anteriores a la 7.5.3 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) mediante el nombre de un proyecto o filtro. • http://www.securityfocus.com/bid/102732 https://jira.atlassian.com/browse/JRASERVER-66623 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •