Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian crucible vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2017-18034
The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially craf...
Atlassian Crucible
Atlassian Fisheye 4.6.0
Atlassian Fisheye
Atlassian Crucible 4.6.0
4.8
CVSSv3
CVE-2017-18094
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setti...
Atlassian Fisheye 4.5.0
Atlassian Fisheye
Atlassian Crucible 4.5.0
Atlassian Crucible
9
CVSSv3
CVE-2017-14591
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing malicious users to execute arbitrary code on a system running the impacted software.
Atlassian Fisheye
Atlassian Crucible 4.5.0
Atlassian Crucible
Atlassian Fisheye 4.5.0
5.4
CVSSv3
CVE-2017-9508
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
Atlassian Crucible 4.4.0
Atlassian Fisheye 4.3.1
Atlassian Fisheye 4.4.0
Atlassian Crucible 4.3.1
4.3
CVSSv3
CVE-2017-18035
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existe...
Atlassian Fisheye
Atlassian Crucible
4.8
CVSSv3
CVE-2017-18091
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and prior to 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in ...
Atlassian Fisheye
Atlassian Crucible
4.8
CVSSv3
CVE-2017-18093
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and prior to 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability...
Atlassian Fisheye
Atlassian Crucible
4.8
CVSSv3
CVE-2018-20240
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
Atlassian Crucible
Atlassian Fisheye
5.4
CVSSv3
CVE-2020-4013
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.
Atlassian Crucible
Atlassian Fisheye
5.3
CVSSv3
CVE-2020-4016
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to get the ID of configured Jira application links via an information disclosure vulnerability.
Atlassian Crucible
Atlassian Fisheye
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »