18 matches found
Atlassian Jira < 6.0.4 Directory Traversal In Issue Collector
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 6.0.4. It is, therefore, affected by a directory traversal in the Issue Collector component. Note that the scanner has not tested for these issues but has instead relied only ...
Atlassian Jira Authorization Issue Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage various types of issues and defects in the workplace. An authorization issue vulnerability exists in Atlassian Jira Server and Data Center, which originates from a vulnerability...
Roblox: Reflected XSS through multiple inputs in the issue collector on Jira
Note I put this as Medium because that's what the CVE is. This vulnerability is known and it's classified under CVE-2018-5230. Here's a link to the thread on it by Atlassian: https://jira.atlassian.com/browse/JRASERVER-67289 Description --------------------- I noticed when testing that your Jira...
Atlassian Jira issue collector cross-site scripting vulnerability
Atlassian JIRA is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage all kinds of issues and defects in the workplace. Issue collector is one of the issue collectors. A cross-site scripting vulnerability exists in the error message of a...
CVE-2018-5230
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in t...
CVE-2018-5230
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in t...
XSS in the issue collector through invalid values for a custom field - CVE-2018-5230
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in t...
XSS in the issue collector through invalid values for a custom field - CVE-2018-5230
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in t...
Atlassian JIRA 6.4.x < 6.4.10 CSRF / XSRF (Bar Mitzvah)
Binary data 9736.prm...
Atlassian JIRA < 6.0.4 Arbitrary File Creation
According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to version 6.0.4. It is, therefore, potentially affected by an arbitrary file creation vulnerability due to a flaw in the Issue Collector plugin in which the 'filename' POST...
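Atlassian JIRA Issue Collector Plugin Directory Traversal Vulnerability
CVE ID: CVE-2014-2314 Atlassian JIRA is a J2EE-based project issue tracking and management application. A directory traversal vulnerability exists in the Atlassian JIRA Issue Collector plugin, allowing remote attackers to exploit it to create arbitrary files. 0 Atlassian JIRA Vendor patch: Atlassian ----- Atlassian JIRA 6.0.4 has fixed this vulnerability; users are advised to download the update: https://www.atlassian.com...
Atlassian JIRA Issue Collector Plugin Directory Traversal Vulnerability
CVE ID: CVE-2014-2313 Atlassian JIRA is a J2EE-based project issue tracking and management application. A directory traversal vulnerability exists in the Atlassian JIRA Issue Collector plugin, allowing remote attackers to exploit it to create arbitrary files. 0 Atlassian JIRA Vendor patch: Atlassian ----- Atlassian JIRA 6.0.4 has fixed this vulnerability; users are advised to download the update: https://www.atlassian.com...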
CVE-2014-2314
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors...
Directory traversal
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors...
CVE-2014-2314
CVE-2014-2314 affects Atlassian Jira’s Issue Collector in versions prior to 6.0.4. The vulnerability is a directory traversal flaw in the Issue Collector component, driven by insufficient validation of the filename parameter, allowing a remote attacker to create arbitrary files. Several connected...
XSS in Issue Collector
Hi Atlassian! There is an XSS vulnerability in the issue collector: File: /atlassian-jira-5.1.8-source/jira-issue-collector-plugin/src/main/resources/templates/view-collector.vm Line 82: $issue.summary Anonymous users can inject JS in the issue summary which usually will be executed by users with...
XSS in Issue Collector
Hi Atlassian! There is an XSS vulnerability in the issue collector: File: /atlassian-jira-5.1.8-source/jira-issue-collector-plugin/src/main/resources/templates/view-collector.vm Line 82: $issue.summary Anonymous users can inject JS in the issue summary which usually will be executed by users with...
XSS in Issue Collector
Hi Atlassian! There is an XSS vulnerability in the issue collector: File: /atlassian-jira-5.1.8-source/jira-issue-collector-plugin/src/main/resources/templates/view-collector.vm Line 82: $issue.summary Anonymous users can inject JS in the issue summary which usually will be executed by users with...