28 matches found
GHSA-FC3H-92P8-H36F Unauthenticated File Upload in Gogs
Security Advisory: Unauthenticated File Upload in Gogs. Vulnerability Type: Unauthenticated File Upload. Date: Aug 5, 2025. Discoverer: OpenAI Security Research. Summary: Gogs exposes unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any...
CVE-2019-14953
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser...
CVE-2019-12867
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168...
Atlassian Jira 8.9.x < 8.9.1 XSS in Issue Attachments
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.9.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue...
Atlassian Jira 8.6.0 < 8.8.2 XSS in Issue Attachments
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.9.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue...
Atlassian Jira 8.9.0 < 8.9.1 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.5.5, 8.6.0 prior to 8.8.2 or 8.9.0 prior to 8.9.1. It is, therefore, affected by multiple vulnerabilities: - A flaw which allows remote attackers to inject arbitrary...
Atlassian Jira 8.0.7 < 8.5.5 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.5.5, 8.6.0 prior to 8.8.2 or 8.9.0 prior to 8.9.1. It is, therefore, affected by multiple vulnerabilities: - A flaw which allows remote attackers to inject arbitrary...
Atlassian Jira 8.0.8 < 8.5.5 XSS in Issue Attachments
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.9.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue...
DEBIAN-CVE-2022-44030
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...
FreeBSD : gogs -- XSS in issue attachments (647ac600-cc70-11ec-9cfc-10c37b4ac2ea)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 647ac600-cc70-11ec-9cfc-10c37b4ac2ea advisory. - The gogs project reports: Repository issues page allows HTML attachments with arbitrary JS code...
Atlassian Jira < 8.5.5 / 8.6.x < 8.8.2 / 8.9.x < 8.9.1 Multiple Cross-Site Scripting (XSS)
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.5, or version 8.6.x prior to 8.8.2, 8.9.x prior to 8.9.1. It is, therefore, affected by multiple Cross-Site Scripting (XSS) vulnerabilities. - Remote attackers can inject...
Atlassian JIRA Server and Data Center Cross-Site Scripting Vulnerability (CNVD-2020-53363)
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is the server version of a defect tracking management system that is used to track and manage all...
XSS in Issue - Attachments - CVE-2020-4025
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with an rdf content type. Affected versions: version 8.5.5 8.6.0 ≤ version 8.8.2 8.9.0 ≤ version 8.9.1 Fixed...
XSS in Issue - Attachments - CVE-2020-4024
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with a vnd.wap.xhtml+xml content type. Affected versions: version 8.5.5 8.6.0 ≤ version 8.8.2 8.9.0 ≤ version 8.9...
XSS in Issue - Attachments - CVE-2020-4022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Issue attachments. Affected versions: version 8.5.5 8.6.0 ≤ version 8.8.2 8.9.0 ≤ version 8.9.1 Fixed versions: 8.5.5 8.8.2 8.9....