Atlassian Fisheye And Crucible
16 CVEs affecting Atlassian Fisheye And Crucible. Latest disclosed: 2019-02-20. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-14591 | Critical | 9.0 | 2017-11-29 | Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, all… |
CVE-2018-20241 | | 2019-02-20 | The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via… | |
CVE-2018-20240 | | 2019-02-20 | The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript v… | |
CVE-2018-13399 | | 2018-10-16 | The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissio… | |
CVE-2018-13398 | | 2018-09-18 | The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a… | |
CVE-2018-13392 | | 2018-08-13 | Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripti… | |
CVE-2018-13388 | | 2018-07-10 | The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cros… | |
CVE-2017-16859 | | 2018-06-28 | The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote a… | |
CVE-2018-5228 | | 2018-04-24 | The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross sit… | |
CVE-2018-5223 | | 2018-03-29 | Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument… | |
CVE-2017-18094 | | 2018-03-22 | Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative pri… | |
CVE-2017-18093 | | 2018-02-19 | Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permiss… | |
CVE-2017-18091 | | 2018-02-16 | The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers w… | |
CVE-2017-18035 | | 2018-02-02 | The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permis… | |
CVE-2017-18034 | | 2018-02-02 | The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed… | |
CVE-2017-16861 | | 2018-02-01 | It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the… |