CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8481
https://notcve.org/view.php?id=CVE-2015-8481
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference. Atlassian JIRA Software 7.0.3, JIRA Core 7.0. 3 y el instalador de paquete JIRA Service Desk 3.0.3 anexa la imagen incorrecta a notificaciones de correo cuando un usuario ve un problema con el wikitexto en línea que hace referencia a una imagen adjunta, lo que podría permitir a atacantes remotos obtener información sensible actualizando un problema diferente que incluye wikitexto para una referencia de imagen externa. • http://www.securityfocus.com/bid/79381 https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html https://jira.atlassian.com/browse/JRA-47557 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 93%CPEs: 5EXPL: 3CVE-2014-2314 – JIRA Issues Collector - Directory Traversal
https://notcve.org/view.php?id=CVE-2014-2314
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el plugin Issue Collector en Atlassian JIRA anterior a 6.0.4 permite a atacantes remotos crear archivos arbitrarios a través de vectores no especificados. • https://www.exploit-db.com/exploits/32725 http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.html http://www.exploit-db.com/exploits/32725 https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2313
https://notcve.org/view.php?id=CVE-2014-2313
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el plugin Importers en Atlassian JIRA anterior a 6.0.5 permite a atacantes remotos crear archivos arbitrarios a través de vectores no especificados. • https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 2CVE-2013-5319
https://notcve.org/view.php?id=CVE-2013-5319
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. Vulnerabilidad XSS en secure/admin/user/views/deleteuserconfirm.jspen el panel de administración de Atlassian JIRA anterior a 6.0.5, permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través del parámetro "name" en secure/admin/user/DeleteUser!default.jspa. • http://cxsecurity.com/issue/WLB-2013080065 http://packetstormsecurity.com/files/122721 http://secunia.com/advisories/54417 http://www.securityfocus.com/bid/61647 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5151.php https://jira.atlassian.com/browse/JRA/fixforversion/33790 https://jira.atlassian.com/i#browse/JRA-34160 https://jira.atlassian.com/secure/ReleaseNote.jspa?projectId=10240&version=33790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2CVE-2012-1500 – jira 4.4.3 / greenhopper < 5.9.8 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1500
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. Una vulnerabilidad de tipo XSS almacenado del archivo UpdateFieldJson.jspa en JIRA versión 4.4.3 y GreenHopper versiones anteriores a 5.9.8, permite a un atacante inyectar código de script arbitrario. • https://www.exploit-db.com/exploits/21052 https://web.archive.org/web/20121014055829/http://www.cloudscan.me/2012/09/cve-2012-1500-ghs-5375-ghs-5642.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •