Security Vulnerabilities - CVEs Published In August 2019
Several worklog REST resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2, allow remote attackers to view worklog time information via a missing permissions check.
CVSS Score: 5.3
EPSS Score: 0.009
Published: 2019-08-23
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
CVSS Score: 5.3
EPSS Score: 0.702
Published: 2019-08-23
The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2019-08-23
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the priority icon URL of an issue priority.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-08-23
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-08-23
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2019-08-23
selectize-plugin-a11y before 1.1.0 has XSS via the msg field.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-08-23
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-08-23
Bolt before 3.6.10 has XSS via an image's alt or title field.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-08-23
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-08-23

