Page 9 of 48 results (0.024 seconds)

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter. El recurso de borrado de usuarios de administración en Atlassian Fisheye y Crucible en versiones anteriores a la 4.4.2 permite a los atacantes remotos inyectar HTML o JavaScript arbitrarios a través de una vulnerabilidad de Cross-Site Scripting (XSS) en el parámetro uname • http://www.securityfocus.com/bid/101266 https://jira.atlassian.com/browse/CRUC-8112 https://jira.atlassian.com/browse/FE-6933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. Varios recursos en Atlassian Fisheye y Crucible en versiones anteriores a la 4.4.2 permiten a los atacantes remotos inyectar HTML o JavaScript arbitrarios a través de una vulnerabilidad de cross site scripting (XSS) en el parámetro de diálogo. • http://www.securityfocus.com/bid/101268 https://jira.atlassian.com/browse/CRUC-8113 https://jira.atlassian.com/browse/FE-6935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. La clase MultiPathResource en Atlassian FishEye y Crucible en versiones anteriores a la 4.4.1 permite que atacantes anónimos remotos lean archivos arbitrarios mediante una vulnerabilidad de salto de directorio cuando FishEye o Crucible se ejecutan en el sistema operativo Microsoft Windows • https://jira.atlassian.com/browse/CRUC-8049 https://jira.atlassian.com/browse/FE-6891 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. El recurso de registro de cambios en el repositorio en Atlassian Fisheye en versiones anteriores a la 4.4.1 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad cross-Site Scripting (XSS a través de los parámetros de fecha de inicio y fecha de finalización • https://jira.atlassian.com/browse/FE-6890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. El recurso review file upload en Atlassian Crucible en versiones anteriores a la 4.4.1 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad cross-Site Scripting (XSS) mediante el conjunto de caracteres de un archivo previamente subido. • https://jira.atlassian.com/browse/CRUC-8046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •