CVE-2019-8444

The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.

Source: CVE-2019-8444

CVE-2019-11584

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.

Source: CVE-2019-11584

CVE-2019-11586

The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.

Source: CVE-2019-11586

CVE-2019-11585

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

Source: CVE-2019-11585

CVE-2019-15491

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.

Source: CVE-2019-15491

CVE-2019-15482

selectize-plugin-a11y before 1.1.0 has XSS via the msg field.

Source: CVE-2019-15482

CVE-2019-15483

Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.

Source: CVE-2019-15483

CVE-2019-15484

Bolt before 3.6.10 has XSS via an image’s alt or title field.

Source: CVE-2019-15484

CVE-2019-15486

django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline.

Source: CVE-2019-15486

CVE-2019-15485

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.

Source: CVE-2019-15485