Atlassian Atlassian Fisheye And Crucible
5 CVEs affecting Atlassian Atlassian Fisheye And Crucible. Latest disclosed: 2017-10-11. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-9511 | High | 7.5 | 2017-08-24 | The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traver… |
CVE-2017-9512 | High | 7.5 | 2017-08-24 | The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information… |
CVE-2017-14588 | Medium | 6.1 | 2017-10-11 | Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripti… |
CVE-2017-14587 | Medium | 5.4 | 2017-10-11 | The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript… |
CVE-2017-9508 | Medium | 5.4 | 2017-08-24 | Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripti… |