Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crucible vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-15007
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.
Atlassian Crucible
Atlassian Fisheye
4.3
CVSSv2
CVE-2019-15008
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.
Atlassian Crucible
Atlassian Fisheye
4
CVSSv2
CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote malicious users to remove another user's favourite setting for a project via an improper authorization vulnerability.
Atlassian Crucible
Atlassian Fisheye
5
CVSSv2
CVE-2020-4017
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to get information about any configured Jira application links via an information disclosure vulnerability.
Atlassian Crucible
Atlassian Fisheye
3.5
CVSSv2
CVE-2018-13388
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
Atlassian Crucible
Atlassian Fisheye
4.3
CVSSv2
CVE-2018-13392
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.
Atlassian Fisheye
Atlassian Crucible
4.3
CVSSv2
CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote malicious users to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Crucible
Atlassian Fisheye
4.6
CVSSv2
CVE-2018-13399
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local malicious users to escalate privileges because of weak permissions on the installation directory.
Atlassian Fisheye
Atlassian Crucible
4
CVSSv2
CVE-2017-18035
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existe...
Atlassian Fisheye
Atlassian Crucible
5
CVSSv2
CVE-2017-9511
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote malicious users to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
Atlassian Fisheye
Atlassian Crucible
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »