Jira Server Security Vulnerabilities and Issues — Jira Server CVE List

Lucene search

AtlassianJira Server

13 matches found

CVE•added 2018/05/14 1:29 p.m.•80 views

CVE-2018-5230

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in t...

6.1CVSS5.9AI score0.20001EPSS

CVE•added 2018/05/16 1:29 p.m.•69 views

CVE-2018-5231

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.

7.5CVSS7.3AI score0.00979EPSS

CVE•added 2018/01/12 2:29 p.m.•65 views

CVE-2017-14594

The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.

6.1CVSS5.9AI score0.00225EPSS

CVE•added 2018/04/10 1:29 p.m.•64 views

CVE-2017-18101

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if ...

6.5CVSS6.4AI score0.00384EPSS

CVE•added 2018/08/28 1:0 p.m.•64 views

CVE-2018-13391

The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote a...

5.3CVSS5.1AI score0.00155EPSS

CVE•added 2018/07/16 1:29 p.m.•60 views

CVE-2018-13387

The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or...

6.1CVSS5.8AI score0.00203EPSS

CVE•added 2018/10/23 2:0 p.m.•60 views

CVE-2018-13401

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 b...

6.1CVSS6.1AI score0.00154EPSS

CVE•added 2018/10/23 2:0 p.m.•59 views

CVE-2018-13400

Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12...

6.5CVSS4.8AI score0.00295EPSS

CVE•added 2018/07/24 1:29 p.m.•58 views

CVE-2017-18104

The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within...

5.9CVSS5.6AI score0.00272EPSS

CVE•added 2018/10/23 2:0 p.m.•56 views

CVE-2018-13402

Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version ...

6.1CVSS6.1AI score0.00154EPSS

CVE•added 2018/07/18 2:29 p.m.•50 views

CVE-2018-5232

The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.

6.1CVSS5.9AI score0.00231EPSS

CVE•added 2018/04/17 1:29 p.m.•49 views

CVE-2017-18102

The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup.

5.4CVSS5.1AI score0.00313EPSS

CVE•added 2018/08/28 1:0 p.m.•49 views

CVE-2018-13395

Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or...

6.1CVSS5.9AI score0.00231EPSS