Lucene search
Fa1767dc8cc8ATLASSIAN:CONFSERVER-39689HistoryOct 26, 2015 - 8:04 p.m.
Rest API XSS
2015-10-2620:04:02
fa1767dc8cc8
jira.atlassian.com
15
0.002 Low
EPSS
Percentile
55.7%
An unauthenticated XSS vulnerability has been confirmed in confluence 5.8.15 and 5.8.14.
The vulnerability is located at /rest/prototype/1/session/check/something
POC URL:
http://<server>/conf_path/rest/prototype/1/session/check/something%3Cimg%20src%3da%20onerror%3dalert%280%29%3E
This was confirmed in the latest version of firefox.
Related
cvelist
cvelist
CVE-2015-8398
2016-04-11 21:00:00
atlassian
atlassian
Rest API XSS
2015-10-26 20:04:02
Rest API XSS
2015-10-26 20:04:02
nvd
nvd
CVE-2015-8398
2016-04-11 21:59:10
cve
cve
CVE-2015-8398
2016-04-11 21:59:10
prion
prion
Cross site scripting
2016-04-11 21:59:00
packetstorm
packetstorm
Atlassian Confluence XSS / Insecure Direct Object Reference
2016-01-04 00:00:00
openvas
openvas
Atlassian Confluence Multiple Vulnerabilities
2016-07-04 00:00:00
zdt
zdt
Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities
2016-01-05 00:00:00
exploitpack
exploitpack
Atlassian Confluence 5.25.8.145.8.15 - Multiple Vulnerabilities
2016-01-05 00:00:00
exploitdb
exploitdb
Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
2016-01-05 00:00:00