|
201281
|
5.4 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability throu…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4023
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201282
|
5.4 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4021
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201283
|
7.2 |
HIGH
Network
|
atlassian
|
companion
|
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execut…
|
NVD-CWE-Other
|
CVE-2020-4020
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201284
|
7.8 |
HIGH
Local
|
atlassian
|
companion
|
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted sear…
|
CWE-426
Untrusted Search Path
|
CVE-2020-4019
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201285
|
8.8 |
HIGH
Network
|
atlassian
|
crucible
fisheye
|
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability.
|
CWE-352
Origin Validation Error
|
CVE-2020-4018
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201286
|
5.3 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configur…
|
NVD-CWE-noinfo
|
CVE-2020-4017
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201287
|
5.3 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira applicatio…
|
NVD-CWE-noinfo
|
CVE-2020-4016
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201288
|
4.3 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability.
|
NVD-CWE-noinfo
|
CVE-2020-4015
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201289
|
4.3 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authori…
|
NVD-CWE-noinfo
|
CVE-2020-4014
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201290
|
5.4 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the re…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4013
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
