Lucene search: Atlassian Crucible

16 matches found

CVE | added 2021/01/18 2:15 a.m. | 77 views

CVE-2020-29446

Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.

CVSS 5.3 | AI score 6 | EPSS 0.0039

CVE | added 2019/04/30 4:29 p.m. | 73 views

CVE-2018-20239

Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the appl...

CVSS 5.4 | AI score 5.2 | EPSS 0.00407

CVE | added 2020/06/01 7:15 a.m. | 67 views

CVE-2020-4017

The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability.

CVSS 5.3 | AI score 5.1 | EPSS 0.00411

CVE | added 2017/10/11 6:29 p.m. | 64 views

CVE-2017-14587

The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.

CVSS 5.4 | AI score 5.3 | EPSS 0.00196

CVE | added 2017/08/24 5:29 p.m. | 53 views

CVE-2017-9508

Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.

CVSS 5.4 | AI score 5.4 | EPSS 0.00223

CVE | added 2020/06/01 7:15 a.m. | 53 views

CVE-2020-4013

The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the review objectives.

CVSS 5.4 | AI score 5.2 | EPSS 0.00215

CVE | added 2020/06/01 7:15 a.m. | 52 views

CVE-2020-4016

The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.

CVSS 5.3 | AI score 5.1 | EPSS 0.00411

CVE | added 2017/08/24 5:29 p.m. | 47 views

CVE-2017-9509

The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.

CVSS 5.4 | AI score 5.7 | EPSS 0.00257

CVE | added 2017/08/24 5:29 p.m. | 45 views

CVE-2017-9507

The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.

CVSS 5.4 | AI score 5.4 | EPSS 0.00257

CVE | added 2020/06/01 7:15 a.m. | 45 views

CVE-2020-4023

The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the committerFilter parameter.

CVSS 5.4 | AI score 5.2 | EPSS 0.00342

CVE | added 2018/02/02 2:29 p.m. | 43 views

CVE-2017-18034

The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability via a specially crafted repository bran...

CVSS 5.4 | AI score 5.3 | EPSS 0.0014

CVE | added 2018/07/10 1:29 p.m. | 40 views

CVE-2018-13388

The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.

CVSS 5.4 | AI score 5.3 | EPSS 0.00167

CVE | added 2018/02/16 6:29 p.m. | 39 views

CVE-2017-18089

The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.

CVSS 5.4 | AI score 5.3 | EPSS 0.0018

CVE | added 2019/02/20 3:0 p.m. | 39 views

CVE-2018-20241

The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.

CVSS 5.4 | AI score 5.3 | EPSS 0.00207

CVE | added 2018/02/19 2:29 p.m. | 38 views

CVE-2017-18092

The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.

CVSS 5.4 | AI score 5.3 | EPSS 0.0018

CVE | added 2018/02/19 2:29 p.m. | 35 views

CVE-2017-18095

The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version for 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.

CVSS 5.3 | AI score 5.4 | EPSS 0.00206