CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. id: CVE-2017-5983 info: name:...

9.8CVSS7.6AI score0.04301EPSS

Exploits1References2

Veracode•added 2025/10/28 8:26 a.m.•2 views

Cross-site Scripting

com.liferay.portal.workflow.kaleo.designer.web is vulnerable to Cross-Site Scripting. The vulnerability is due to the workflow builder accepting and persisting crafted input without neutralizing HTML/JavaScript, allowing attackers to inject arbitrary web script or HTML by submitting specially...

5.4CVSS6.4AI score0.00028EPSS

Exploits0References5Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2017-15052

Malware in sbrugna...

9.8CVSS9.3AI score0.04301EPSS

Exploits1References6

Positive Technologies•added 2024/04/02 12:0 a.m.•1 views

PT-2024-22847 · Seeyonoa · Seeyonoa

Name of the Vulnerable Software and Affected Versions: seeyonOA version 8 Description: An issue was discovered that allows remote attackers to execute arbitrary code via the importProcess method in the WorkFlowDesignerController.class component. Recommendations: For seeyonOA version 8, as a...

9.8CVSS8.2AI score0.14675EPSS

Exploits0References4

CNVD•added 2017/04/12 12:0 a.m.•3 views

Atlassian JIRA Remote Code Execution Vulnerability

Atlassian JIRA is a project and transaction tracking tool from Atlassian. The Atlassian JIRA Workflow Designer plug-in does not properly use XML parsers and parallelizers, which can be exploited by remote attackers to submit special serialized Java objects, execute arbitrary code, read arbitrary...

9.8CVSS7.4AI score0.04301EPSS

Exploits1References1