Atlassian Fisheye

9 matches found

added 2022/03/16 1:15 a.m. | 144 views

CVE-2021-43956

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.

CVSS 6.1 | AI score 6.1 | EPSS 0.00368

added 2020/08/05 4:15 a.m. | 52 views

CVE-2017-18112

Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.

CVSS 6.5 | AI score 6.3 | EPSS 0.0031

added 2017/10/11 6:29 p.m. | 48 views

CVE-2017-14588

Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.

CVSS 6.1 | AI score 5.9 | EPSS 0.00239

added 2018/02/16 6:29 p.m. | 47 views

CVE-2017-18090

Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.

CVSS 6.1 | AI score 6 | EPSS 0.00225

added 2019/12/11 3:15 p.m. | 44 views

CVE-2019-15008

The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.

CVSS 6.1 | AI score 5.9 | EPSS 0.00525

added 2018/06/28 2:29 p.m. | 40 views

CVE-2017-16859

The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parame...

CVSS 6.5 | AI score 6.5 | EPSS 0.01427

added 2018/09/18 2:29 p.m. | 38 views

CVE-2018-13398

The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.

CVSS 6.5 | AI score 6.5 | EPSS 0.00136

added 2018/08/13 1:29 p.m. | 34 views

CVE-2018-13392

Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.

CVSS 6.1 | AI score 6 | EPSS 0.00395

added 2018/04/24 12:29 p.m. | 34 views

CVE-2018-5228

The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.

CVSS 6.1 | AI score 5.9 | EPSS 0.00264