
CVE-2018-13404
https://notcve.org/view.php?id=CVE-2018-13404
13 Feb 2019 — The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obta... • https://jira.atlassian.com/browse/JRASERVER-68527 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2018-20232
https://notcve.org/view.php?id=CVE-2018-20232
13 Feb 2019 — The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting. • http://www.securityfocus.com/bid/107023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-13401
https://notcve.org/view.php?id=CVE-2018-13401
23 Oct 2018 — The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability. • http://www.securityfocus.com/bid/105751 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2018-13402
https://notcve.org/view.php?id=CVE-2018-13402
23 Oct 2018 — Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, and in some cases to obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability. • http://www.securityfocus.com/bid/105751 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2018-13400
https://notcve.org/view.php?id=CVE-2018-13400
23 Oct 2018 — Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass ... • http://www.securityfocus.com/bid/105751 • CWE-269: Improper Privilege Management •

CVE-2018-13391
https://notcve.org/view.php?id=CVE-2018-13391
28 Aug 2018 — The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden. • http://www.securityfocus.com/bid/105165 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2018-13395
https://notcve.org/view.php?id=CVE-2018-13395
28 Aug 2018 — Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved. • https://jira.atlassian.com/browse/JRASERVER-67848 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-18104
https://notcve.org/view.php?id=CVE-2017-18104
24 Jul 2018 — The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query. • https://jira.atlassian.com/browse/JRASERVER-59980 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2018-5232
https://notcve.org/view.php?id=CVE-2018-5232
18 Jul 2018 — The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter. • https://jira.atlassian.com/browse/JRASERVER-67410 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-13387
https://notcve.org/view.php?id=CVE-2018-13387
16 Jul 2018 — The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete. • http://www.securityfocus.com/bid/104890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •