Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Atlassian

Jira

19 Versions 52 CVEs

Versions

7.9.0

SEMANTIC 9 CVEs

7.8.0

SEMANTIC 10 CVEs

8.1.0

SEMANTIC 3 CVEs

prior to 7.4.2

OTHER 1 CVE

prior 7.2.12

OTHER 1 CVE

7.12.0

SEMANTIC 4 CVEs

unspecified

OTHER 46 CVEs

from 6.2.1 prior to 7.4.4

OTHER 1 CVE

7.3.0 before 7.6.1

OTHER 1 CVE

prior to 7.6.2

OTHER 1 CVE

8.3.0

SEMANTIC 5 CVEs

next of 7.7.0

OTHER 1 CVE

7.11.0

SEMANTIC 6 CVEs

7.7.0

SEMANTIC 13 CVEs

7.13.0

SEMANTIC 5 CVEs

7.10.0

SEMANTIC 7 CVEs

8.0.0

SEMANTIC 18 CVEs

8.5.0

SEMANTIC 1 CVE

All versions before 7.6.1

OTHER 2 CVEs

Recent CVEs

CVE-2018-20826

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.

UNKNOWN Aug 09, 2019

CVE-2018-20827

The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.

UNKNOWN Aug 09, 2019

CVE-2018-20824

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.

UNKNOWN May 03, 2019

CVE-2017-18104

The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.

UNKNOWN Jul 24, 2018

CVE-2018-5232

The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.

UNKNOWN Jul 18, 2018

CVE-2018-5231

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.

UNKNOWN May 16, 2018

CVE-2018-5230

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.

UNKNOWN May 14, 2018

CVE-2017-18101

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.

UNKNOWN Apr 10, 2018

CVE-2017-18098

The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.

UNKNOWN Apr 06, 2018

CVE-2017-18097

The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.

UNKNOWN Apr 06, 2018