CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Atlassian: >> Fisheye >> 4.7.2 Security Vulnerabilities

CVE-2019-15008

The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.

CVSS Score

6.1

EPSS Score

0.005

Published

2019-12-11

CVE-2019-15009

The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.

CVSS Score

4.3

EPSS Score

0.003

Published

2019-12-11

Page 3

Vulnerabilities

Vulnerable Software

Atlassian: >> Fisheye >> 4.7.2 Security Vulnerabilities

Products

Pricing

Contact Us