The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.
Max CVSS: 6.1 | EPSS Score: 0.10% | Published: 2017-12-05 | Updated: 2017-12-19

Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.
Max CVSS: 6.1 | EPSS Score: 0.17% | Published: 2017-10-11 | Updated: 2020-11-25

The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.
Max CVSS: 5.4 | EPSS Score: 0.08% | Published: 2017-10-11 | Updated: 2020-11-25

The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.
Max CVSS: 5.4 | EPSS Score: 0.07% | Published: 2017-08-24 | Updated: 2020-11-25

The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.
Max CVSS: 5.4 | EPSS Score: 0.07% | Published: 2017-08-24 | Updated: 2018-01-31

Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
Max CVSS: 5.4 | EPSS Score: 0.07% | Published: 2017-08-24 | Updated: 2020-11-25

The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.
Max CVSS: 5.4 | EPSS Score: 0.07% | Published: 2017-08-24 | Updated: 2018-01-31

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Max CVSS: 6.1 | EPSS Score: 0.58% | Published: 2017-08-23 | Updated: 2019-05-10

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
Max CVSS: 6.1 | EPSS Score: 0.28% | Published: 2017-01-31 | Updated: 2017-02-03

Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
Max CVSS: 6.1 | EPSS Score: 0.35% | Published: 2017-01-18 | Updated: 2017-01-20

Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
Max CVSS: 4.8 | EPSS Score: 0.12% | Published: 2017-04-10 | Updated: 2018-02-16

Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
Max CVSS: 5.4 | EPSS Score: 0.12% | Published: 2017-04-10 | Updated: 2018-02-16

12 vulnerabilities found