Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian jira 8.0.0 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-8445
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote malicious users to view worklog time information via a missing permissions check.
Atlassian Jira Server
3.5
CVSSv2
CVE-2017-18102
The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup.
Atlassian Jira Server
3.5
CVSSv2
CVE-2019-8444
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.
Atlassian Jira Server
4.3
CVSSv2
CVE-2019-14996
The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
Atlassian Jira Server
4.3
CVSSv2
CVE-2019-3400
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.
Atlassian Jira Server
5.8
CVSSv2
CVE-2019-11589
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote malicious users to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) ...
Atlassian Jira Server
3.5
CVSSv2
CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the ...
Atlassian Jira Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4