Vulmon
Recent Vulnerabilities
Discussions
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
jira vulnerabilities and exploits
6.8
CVSSv2
CVE-2008-6531
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."...
Atlassian
Jira
6.8
CVSSv2
CVE-2019-8443
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource...
Atlassian
Jira
4.3
CVSSv2
CVE-2017-16863
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter....
Atlassian
Jira
3.5
CVSSv2
CVE-2017-16865
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource...
Atlassian
Jira
4.3
CVSSv2
CVE-2018-5230
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting...
Atlassian
Jira
5.8
CVSSv2
CVE-2018-13402
Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version...
Atlassian
Jira
4
CVSSv2
CVE-2018-1000412
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...
Jenkins
Jira
4.3
CVSSv2
CVE-2017-18104
The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are...
Atlassian
Jira
4.3
CVSSv2
CVE-2017-18098
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields....
Atlassian
Jira
4.3
CVSSv2
CVE-2008-6831
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated...
Atlassian
Jira
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
apq8009 firmware
CVE-2020-7211
LFI
CVE-2019-18187
CVE-2019-19413
CVE-2020-0674
CVE-2019-14768
CVE-2011-3621
qualcomm
man-in-the-middle
path traversal
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »
Vulmon