73 matches found
CVE-2021-36387
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4"...
Yellowfin Business Intelligence Yellowfin 跨站脚本漏洞
Yellowfin is a business intelligence automated analytics, cross-vendor narrative and collaboration software suite. A stored cross-site scripting vulnerability exists in the video embedding feature in Yellowfin versions prior to 9.6.1. An attacker can exploit this vulnerability by sending a...
Cross-site Scripting (XSS)
Activity Stream is vulnerable to cross-site scripting XSS. It can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Strea...
The vulnerability in the implementation of the Firefox browser’s Activity Stream page allows a perpetrator to access confidential data.
The vulnerability of the Firefox browser’s Activity Stream page relates to a bug in content writing without clearing. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
Atlassian JIRA 7.x.x < 7.13.1 / 8.0.0 Cross-Site Scripting (XSS) Vulnerability (SB18-141)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by a cross-site scripting vulnerability which allows a reflected cross-site scripting XSS attack. This flaw exists because the activity stream gadget does not...
Atlassian Jira Cross-Site Scripting Vulnerability (CNVD-2019-27253)
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A cross-site scripting vulnerability exists in the activity stream gadget in Atlassian Jira versions prior to 7.13.1. The...
Cross site scripting
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the country parameter...
CVE-2018-20827
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the country parameter...
CVE-2018-20827
CVE-2018-20827 — Jira XSS via country parameter Affected: Atlassian Jira (server) with the activity stream gadget, specifically versions before 7.13.1 (and related entries reference 8.0.0 in a Nessus plugin). Description: The vulnerability arises because the activity stream gadget does not proper...
Time logged shown on Activity Stream gadget.
h3. Summary When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream and this shows the time logged by a user even if the user that is logged in is not part of the group. h3. Steps to Reproduce Set up a test user JIRA Users. Enable comment visibility...
CVE-2019-11718
Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...
CVE-2019-11718
Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...
Design/Logic Flaw
Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...
CVE-2019-11718
Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...
CVE-2019-11718
CVE-2019-11718 affects Mozilla Firefox (before 68.0). The issue arises from Activity Stream writing unsanitized content to innerHTML, enabling potential access to information such as browsing history if the Snippet Service is compromised. The CVE is documented with a CVSS v3.1 base score of 5.3 (...
CVE-2019-11718
Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...
CVE-2019-11718
Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...
XSS in the activity stream gadget via the country parameter - CVE-2018-20827
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the country parameter...
XSS in the activity stream gadget via the country parameter - CVE-2018-20827
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the country parameter...
Restricted Work Log entries show in the Activity Stream in JIRA Server
This is a regression of bug JRASERVER-34022: Restricted Work Log entries show in the Activity Stream in JIRA Server fixed in JIRA Server including JIRA Core 7.3.8|https://jira.atlassian.com/browse/JRASERVER-34022. Apparently this is a regression and users that are not meant to see the worklogs ca...