Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-20401

Summary
Assigner-atlassian
Assigner Org ID-f08a6ab8-ed46-4c22-8884-d911ccfe3c66
Published At-06 Feb, 2020 | 03:10
Updated At-16 Sep, 2024 | 16:23
Rejected At-
Credits

Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:atlassian
Assigner Org ID:f08a6ab8-ed46-4c22-8884-d911ccfe3c66
Published At:06 Feb, 2020 | 03:10
Updated At:16 Sep, 2024 | 16:23
Rejected At:
▼CVE Numbering Authority (CNA)

Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.

Affected Products
Vendor
AtlassianAtlassian
Product
Jira Server
Versions
Affected
  • From unspecified before 8.5.2 (custom)
Problem Types
TypeCWE IDDescription
textN/ACross-Site Request Forgery (CSRF)
Type: text
CWE ID: N/A
Description: Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jira.atlassian.com/browse/JRASERVER-70406
x_refsource_MISC
Hyperlink: https://jira.atlassian.com/browse/JRASERVER-70406
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jira.atlassian.com/browse/JRASERVER-70406
x_refsource_MISC
x_transferred
Hyperlink: https://jira.atlassian.com/browse/JRASERVER-70406
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@atlassian.com
Published At:06 Feb, 2020 | 03:15
Updated At:25 Mar, 2022 | 18:14

Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Atlassian
atlassian
>>jira_server>>Versions from 7.6.15(inclusive) to 8.5.2(exclusive)
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
Atlassian
atlassian
>>jira_server>>Versions from 8.5.3(inclusive) to 8.6.0(exclusive)
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jira.atlassian.com/browse/JRASERVER-70406security@atlassian.com
Vendor Advisory
Hyperlink: https://jira.atlassian.com/browse/JRASERVER-70406
Source: security@atlassian.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1084Records found
CVE-2019-11587
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.00%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 13:49
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

Action-Not Available
Vendor-Atlassian
Product-jira_serverjiraJira
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-11586
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.00%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 13:49
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjiraJira
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-13394
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.72%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 12:00
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-questions_for_confluenceConfluence Questions
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-13398
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.20%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 14:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheye and Crucible
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-13393
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.41%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 12:00
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-questions_for_confluenceConfluence Questions
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-16862
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.72%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20411
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.91%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 05:30
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerjiraJira Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-43952
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 60.42%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 00:45
Updated-04 Oct, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerJira ServerJira Data Center
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-43941
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.25%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 03:30
Updated-08 Oct, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerJira ServerJira Data Center
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-8447
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 28.46%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 13:49
Updated-16 Sep, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-jira_serverJira
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20405
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.43%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 03:10
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerJira Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20415
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.65%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 02:50
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_software_data_centerjira_data_centerjiraJira Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-14999
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.00%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 13:49
Updated-17 Sep, 2024 | 02:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.

Action-Not Available
Vendor-Atlassian
Product-universal_plugin_managerUniversal Plugin Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-14998
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.70%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 13:56
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.

Action-Not Available
Vendor-Atlassian
Product-jira_serverJira
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-39124
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.98%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 04:20
Updated-10 Oct, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.

Action-Not Available
Vendor-Atlassian
Product-data_centerjiraJira ServerJira Data Center
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18107
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 61.81%
||
7 Day CHG~0.00%
Published-17 Dec, 2019 | 03:45
Updated-16 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.

Action-Not Available
Vendor-Atlassian
Product-crowdCrowd
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18033
Matching Score-10
Assigner-Atlassian
ShareView Details
Matching Score-10
Assigner-Atlassian
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.41%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 14:00
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2008-6831
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 65.78%
||
7 Day CHG~0.00%
Published-08 Jun, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment").

Action-Not Available
Vendor-n/aAtlassian
Product-jiran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11584
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 46.09%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 13:49
Updated-16 Sep, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-6617
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 65.39%
||
7 Day CHG~0.00%
Published-03 Jan, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aAtlassian
Product-jiran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-6285
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.76% / 73.81%
||
7 Day CHG~0.00%
Published-31 Jan, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

Action-Not Available
Vendor-n/aAtlassian
Product-jiran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5228
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 50.21%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 12:00
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheye and Crucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5232
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 46.09%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-20824
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-17.83% / 95.28%
||
7 Day CHG+7.07%
Published-03 May, 2019 | 19:26
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2005-3967
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 60.52%
||
7 Day CHG~0.00%
Published-03 Dec, 2005 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.

Action-Not Available
Vendor-n/aAtlassian
Product-confluencen/a
CVE-2018-13392
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.49% / 66.16%
||
7 Day CHG~0.00%
Published-13 Aug, 2018 | 13:00
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheye and Crucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-13389
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-4.7||MEDIUM
EPSS-0.16% / 36.39%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 13:00
Updated-17 Sep, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.

Action-Not Available
Vendor-Atlassian
Product-confluenceConfluence
CWE ID-CWE-20
Improper Input Validation
CVE-2018-13395
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 46.09%
||
7 Day CHG~0.00%
Published-28 Aug, 2018 | 13:00
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-13387
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 40.86%
||
7 Day CHG~0.00%
Published-16 Jul, 2018 | 13:00
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5230
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-34.06% / 97.08%
||
7 Day CHG+11.34%
Published-14 May, 2018 | 13:00
Updated-16 Sep, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5319
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.51% / 66.76%
||
7 Day CHG~0.00%
Published-20 Aug, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.

Action-Not Available
Vendor-n/aAtlassian
Product-jiran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-26079
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.66% / 71.65%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 22:35
Updated-17 Oct, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-data_centerjira_serverjira_data_centerjiraJira ServerJira Data Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-26078
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.56% / 68.65%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 22:25
Updated-17 Oct, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-data_centerjira_serverjiraJira ServerJira Data Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-26080
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.57% / 69.08%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 22:25
Updated-17 Oct, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerJira ServerJira Data Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2313
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.23%
||
7 Day CHG~0.00%
Published-07 Mar, 2014 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationAtlassian
Product-windowsjiran/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-9506
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-41.46% / 97.49%
||
7 Day CHG+12.48%
Published-23 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

Action-Not Available
Vendor-Atlassian
Product-oauthAtlassian OAuth Plugin
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2011-4822
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 64.91%
||
7 Day CHG~0.00%
Published-15 Dec, 2011 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page.

Action-Not Available
Vendor-n/aAtlassian
Product-fisheyen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18100
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 38.48%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 13:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.

Action-Not Available
Vendor-n/aAtlassian
Product-jiran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18081
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 40.65%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 14:00
Updated-16 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.

Action-Not Available
Vendor-Atlassian
Product-bambooBamboo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18103
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-4.7||MEDIUM
EPSS-0.17% / 38.17%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.

Action-Not Available
Vendor-Atlassian
Product-http_libraryatlassian-http
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18039
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 42.37%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 14:00
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18085
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 40.40%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 14:00
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

Action-Not Available
Vendor-Atlassian
Product-confluenceConfluence
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18090
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 45.30%
||
7 Day CHG~0.00%
Published-16 Feb, 2018 | 18:00
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.

Action-Not Available
Vendor-Atlassian
Product-fisheyeFisheye
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-16864
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 45.30%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-16856
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 40.40%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.

Action-Not Available
Vendor-Atlassian
Product-confluenceConfluence
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14594
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 49.19%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14588
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.24%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.

Action-Not Available
Vendor-Atlassian
Product-cruciblefisheyeAtlassian Fisheye and Crucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-1164
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 69.00%
||
7 Day CHG~0.00%
Published-20 Apr, 2010 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010.

Action-Not Available
Vendor-n/aAtlassian
Product-jiran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-65.75% / 98.53%
||
7 Day CHG~0.00%
Published-07 Mar, 2014 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationAtlassian
Product-windowsjiran/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-6283
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-4.15% / 88.92%
||
7 Day CHG~0.00%
Published-18 Jan, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.

Action-Not Available
Vendor-n/aAtlassian
Product-confluencen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 21
  • 22
  • Next
Details not found