Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fisheye vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-43955
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote malicious users to obtain information about installation directories via information disclosure vulnerability.
Atlassian Crucible
Atlassian Fisheye
383
VMScore
CVE-2021-43956
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote malicious users to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
Atlassian Crucible
Atlassian Fisheye
668
VMScore
CVE-2021-43958
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote malicious users to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to prov...
Atlassian Crucible
Atlassian Fisheye
668
VMScore
CVE-2017-16861
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Cr...
Atlassian Fisheye
Atlassian Crucible
578
VMScore
CVE-2018-5223
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on...
Atlassian Fisheye
Atlassian Crucible
383
VMScore
CVE-2018-5228
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.
Atlassian Fisheye
Atlassian Crucible
312
VMScore
CVE-2019-15007
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.
Atlassian Crucible
Atlassian Fisheye
383
VMScore
CVE-2019-15008
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.
Atlassian Crucible
Atlassian Fisheye
356
VMScore
CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote malicious users to remove another user's favourite setting for a project via an improper authorization vulnerability.
Atlassian Crucible
Atlassian Fisheye
312
VMScore
CVE-2020-4013
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.
Atlassian Crucible
Atlassian Fisheye
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »