Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crucible vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-4017
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to get information about any configured Jira application links via an information disclosure vulnerability.
Atlassian Crucible
Atlassian Fisheye
383
VMScore
CVE-2017-14588
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.
Atlassian Crucible
Atlassian Fisheye
445
VMScore
CVE-2021-43957
Affected versions of Atlassian Fisheye & Crucible allowed remote malicious users to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected vers...
Atlassian Crucible
Atlassian Fisheye
578
VMScore
CVE-2018-5223
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on...
Atlassian Fisheye
Atlassian Crucible
383
VMScore
CVE-2018-5228
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.
Atlassian Fisheye
Atlassian Crucible
312
VMScore
CVE-2017-14587
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.
Atlassian Fisheye
Atlassian Crucible
312
VMScore
CVE-2018-13388
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
Atlassian Crucible
Atlassian Fisheye
383
VMScore
CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote malicious users to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Crucible
Atlassian Fisheye
445
VMScore
CVE-2020-29446
Affected versions of Atlassian Fisheye & Crucible allow remote malicious users to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.
Atlassian Crucible
Atlassian Fisheye
312
VMScore
CVE-2020-4013
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.
Atlassian Crucible
Atlassian Fisheye
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »