Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
jira vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2006-3338
Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page....
Atlassian
Jira
3.5
CVSSv2
CVE-2019-8444
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification....
Atlassian
Jira
9.3
CVSSv2
CVE-2019-11581
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions...
Atlassian
Jira
11 Github repositories available
3 Articles available
5
CVSSv2
CVE-2019-8448
The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability....
Atlassian
Jira
5.8
CVSSv2
CVE-2019-11585
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open...
Atlassian
Jira
4.3
CVSSv2
CVE-2019-11587
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF)....
Atlassian
Jira
4.3
CVSSv2
CVE-2017-14594
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter....
Atlassian
Jira
4
CVSSv2
CVE-2019-15013
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue...
Atlassian
Jira
5
CVSSv2
CVE-2018-5231
The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests...
Atlassian
Jira
4.3
CVSSv2
CVE-2019-20100
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version...
Atlassian
Jira
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-2034
SSTI
mods-for-hesk
phplist
mods for hesk
CVE-2020-15092
CVE-2020-8195
open redirect
CVE-2018-12371
overflow
CVE-2012-6489
CVE-2013-0802
« PREV
1
2
3
4
5
6
7
8
9
NEXT »
Vulmon