EUVD-2019-6087

Malware in sbrugna...

CVE-2019-14999

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery CSRF vulnerability on an authenticated...

The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233

The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...

Atlassian Universal Plugin Manager Cross-Site Scripting Vulnerability

Atlassian Universal Plugin Manager is a set of tools from Atlassian Australia for managing add-ons in Atlassian applications. A cross-site scripting vulnerability exists in the NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager versions prior to 2.22.9. A remote...

CVE-2018-5229

The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of user submitted add-on names...

Cross site scripting

The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of user submitted add-on names...

CVE-2018-5229

The CVE concerns Atlassian Universal Plugin Manager (UPM). The vulnerability is a Cross-Site Scripting (XSS) in the NotificationRepresentationFactoryImpl class that affects UPM versions before 2.22.9, allowing an attacker to inject arbitrary HTML/JavaScript via user-submitted add-on names. Public...