Page 6 of 39 results (0.003 seconds)

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. La funcionalidad de enlazador administrativo en Atlassian FishEye y Crucible, en versiones anteriores a la 4.7.0, permite que atacantes remotos inyecten HTML o JavaScript arbitrarios mediante una vulnerabilidad Cross-Site Scripting (XSS) en el parámetro href. • http://www.securityfocus.com/bid/107128 https://jira.atlassian.com/browse/CRUC-8381 https://jira.atlassian.com/browse/FE-7163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. El instalador de Microsoft Windows para Atlassian Fisheye y Crucible en versiones anteriores a la 4.6.1 permite que atacantes locales escalen privilegios debido a permisos débiles en el directorio de instalación. • https://jira.atlassian.com/browse/CRUC-8314 https://jira.atlassian.com/browse/FE-7105 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability. El recurso administrativo smart-commits en Atlassian Fisheye y Crucible en versiones anteriores a la 4.5.4 permite que atacantes remotos modifiquen las opciones de smart-commit mediante una vulnerabilidad Cross-Site Request Forgery (CSRF). • https://jira.atlassian.com/browse/CRUC-8312 https://jira.atlassian.com/browse/FE-7100 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. Varios recursos en Atlassian FishEye y Crucible, en versiones anteriores a la 4.6.0, permiten que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en las claves de envío asociadas. • http://www.securityfocus.com/bid/105096 https://jira.atlassian.com/browse/CRUC-8304 https://jira.atlassian.com/browse/FE-7081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. El recurso review attachment en Atlassian FishEye y Crucible, en versiones anteriores a la 4.5.3, permiten que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en los archivos adjuntos. • http://www.securityfocus.com/bid/104717 https://jira.atlassian.com/browse/CRUC-8209 https://jira.atlassian.com/browse/FE-7059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •