CVE-2018-20240
https://notcve.org/view.php?id=CVE-2018-20240
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. La funcionalidad de enlazador administrativo en Atlassian FishEye y Crucible, en versiones anteriores a la 4.7.0, permite que atacantes remotos inyecten HTML o JavaScript arbitrarios mediante una vulnerabilidad Cross-Site Scripting (XSS) en el parámetro href. • http://www.securityfocus.com/bid/107128 https://jira.atlassian.com/browse/CRUC-8381 https://jira.atlassian.com/browse/FE-7163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-13399
https://notcve.org/view.php?id=CVE-2018-13399
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. El instalador de Microsoft Windows para Atlassian Fisheye y Crucible en versiones anteriores a la 4.6.1 permite que atacantes locales escalen privilegios debido a permisos débiles en el directorio de instalación. • https://jira.atlassian.com/browse/CRUC-8314 https://jira.atlassian.com/browse/FE-7105 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-13398
https://notcve.org/view.php?id=CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability. El recurso administrativo smart-commits en Atlassian Fisheye y Crucible en versiones anteriores a la 4.5.4 permite que atacantes remotos modifiquen las opciones de smart-commit mediante una vulnerabilidad Cross-Site Request Forgery (CSRF). • https://jira.atlassian.com/browse/CRUC-8312 https://jira.atlassian.com/browse/FE-7100 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-13392
https://notcve.org/view.php?id=CVE-2018-13392
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. Varios recursos en Atlassian FishEye y Crucible, en versiones anteriores a la 4.6.0, permiten que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en las claves de envío asociadas. • http://www.securityfocus.com/bid/105096 https://jira.atlassian.com/browse/CRUC-8304 https://jira.atlassian.com/browse/FE-7081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-13388
https://notcve.org/view.php?id=CVE-2018-13388
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. El recurso review attachment en Atlassian FishEye y Crucible, en versiones anteriores a la 4.5.3, permiten que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en los archivos adjuntos. • http://www.securityfocus.com/bid/104717 https://jira.atlassian.com/browse/CRUC-8209 https://jira.atlassian.com/browse/FE-7059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •