Universal Plugin Manager Security Vulnerabilities and Issues — Universal Plugin Manager CVE List

Lucene search

AtlassianUniversal Plugin Manager

3 matches found

CVE•added 2019/08/23 2:15 p.m.•44 views

CVE-2019-14999

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated admi...

4.3CVSS4.6AI score0.00087EPSS

CVE•added 2018/07/16 1:29 p.m.•41 views

CVE-2018-5229

The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.

5.4CVSS5.1AI score0.00175EPSS

CVE•added 2019/01/18 9:29 p.m.•40 views

CVE-2018-20233

The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian p...

6.5CVSS6.4AI score0.00771EPSS