Shodan
Vulnerabilities
Vulnerable Software
Atlassian:  >> Fisheye  >> 4.4.0  Security Vulnerabilities
CVE-2017-14587
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-10-11
CVE-2017-14588
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-11
CVE-2017-9511
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
CVSS Score
7.5
EPSS Score
0.009
Published
2017-08-24
CVE-2017-9507
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-08-24
CVE-2017-9508
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-08-24
CVE-2017-9509
The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-08-24
CVE-2017-9510
The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-08-24
CVE-2017-9512
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
CVSS Score
7.5
EPSS Score
0.016
Published
2017-08-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved