Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian fisheye vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-43954
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vuln...
Atlassian Crucible
Atlassian Fisheye
5.4
CVSSv3
CVE-2018-13388
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
Atlassian Crucible
Atlassian Fisheye
7.8
CVSSv3
CVE-2018-13399
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local malicious users to escalate privileges because of weak permissions on the installation directory.
Atlassian Fisheye
Atlassian Crucible
7.2
CVSSv3
CVE-2018-5223
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on...
Atlassian Fisheye
Atlassian Crucible
6.1
CVSSv3
CVE-2018-5228
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.
Atlassian Fisheye
Atlassian Crucible
5.4
CVSSv3
CVE-2017-14587
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.
Atlassian Fisheye
Atlassian Crucible
6.1
CVSSv3
CVE-2017-14588
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.
Atlassian Crucible
Atlassian Fisheye
4.3
CVSSv3
CVE-2021-43955
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote malicious users to obtain information about installation directories via information disclosure vulnerability.
Atlassian Crucible
Atlassian Fisheye
6.1
CVSSv3
CVE-2021-43956
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote malicious users to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
Atlassian Crucible
Atlassian Fisheye
5.4
CVSSv3
CVE-2017-9507
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.
Atlassian Crucible
Atlassian Fisheye
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »