Shodan
Vulnerabilities
Vulnerable Software
Atlassian:  >> Jira  >> 2.3  Security Vulnerabilities
CVE-2017-18097
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-06
CVE-2017-18098
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-06
CVE-2017-16863
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-18
CVE-2017-18033
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-01-18
CVE-2017-16865
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-01-17
CVE-2017-14594
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-12
CVE-2017-16862
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-01-12
CVE-2017-16864
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-12
CVE-2016-4318
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-04-10
CVE-2016-4319
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-04-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved