cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-14999,https://securityvulnerability.io/vulnerability/CVE-2019-14999,Cross-Site Request Forgery Vulnerability in Atlassian Universal Plugin Manager,"A Cross-Site Request Forgery (CSRF) vulnerability exists within the Uninstall REST endpoint of the Atlassian Universal Plugin Manager, affecting specific versions prior to 2.22.19, as well as selected versions of 3.0.0 and 4.0.0. This flaw enables authenticated remote attackers to exploit the system and uninstall plugins without appropriate authorization, potentially compromising the integrity of the application and allowing unauthorized actions.",Atlassian,Universal Plugin Manager,4.3,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2019-08-23T14:15:00.000Z,0
CVE-2018-20233,https://securityvulnerability.io/vulnerability/CVE-2018-20233,,"The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.",Atlassian,Universal Plugin Manager,6.5,MEDIUM,0.0026100000832229853,false,,false,false,false,,,false,false,,2019-01-18T21:29:00.000Z,0
CVE-2018-5229,https://securityvulnerability.io/vulnerability/CVE-2018-5229,,The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.,Atlassian,Universal Plugin Manager,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2018-07-16T00:00:00.000Z,0