CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-36288
https://notcve.org/view.php?id=CVE-2020-36288
14 Apr 2021 — The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution. La visualización de búsqueda y navegación de problemas en Jira Server y Data Center versiones anteriores a 8.5.12, desde versión 8.6.0 versiones anteriores a 8.13.4 y desde versión 8.14.0 ... • https://jira.atlassian.com/browse/JRASERVER-72115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 64%CPEs: 4EXPL: 1CVE-2020-36287
https://notcve.org/view.php?id=CVE-2020-36287
09 Apr 2021 — The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. El recurso de preferencia de gadgets del panel de control del plugin de gadgets de Atlassian usado en Jira Server y Jira Data Center versiones anteriores a 8.13.5, y desde versión 8.14.0 anterior a 8.15.1, permite a atacantes r... • https://github.com/f4rber/CVE-2020-36287 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-36286
https://notcve.org/view.php?id=CVE-2020-36286
01 Apr 2021 — The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field. La función de búsqueda de membersOf JQL en Jira Server y Data Center anterior a versión 8.5.13, desde versión 8.6.0 anterior a versión 8.13.5 y desde versión 8.14.0 anterior a versión 8.15.1, permi... • https://jira.atlassian.com/browse/JRASERVER-72272 •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-26071
https://notcve.org/view.php?id=CVE-2021-26071
01 Apr 2021 — The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability. El recurso SetFeatureEnabled.jspa en Jira Server y Data Center anterior a versión 8.5.13, desde versión 8.6.0 anterior a versión 8.13.5 y desde versión 8.14.0 anterior a versión 8.15.1, permite q... • https://jira.atlassian.com/browse/JRASERVER-72233 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-36238
https://notcve.org/view.php?id=CVE-2020-36238
01 Apr 2021 — The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. El recurso /rest/api/1.0/render en Jira Server y Data Center anterior a versión 8.5.13, desde versión 8.6.0 anterior a versión 8.13.5 y desde versión 8.14.0 anterior a versión 8.15.1, permite a atacantes anónimos remotos deter... • https://jira.atlassian.com/browse/JRASERVER-72249 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2020-36232
https://notcve.org/view.php?id=CVE-2020-36232
22 Feb 2021 — The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled. La clase MessageBundleWhiteList de atlassian-gadgets versiones anteriores a 4.2.37, desde versiones ... • https://jira.atlassian.com/browse/JRASERVER-72025 • CWE-918: Server-Side Request Forgery (SSRF) •