Lucene search

[email protected]CVE-2019-15233

HistoryAug 20, 2019 - 2:15 p.m.

CVE-2019-15233

2019-08-2014:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2019-15233

live:text box

old street

input macros

confluence

xss

administrator session cookie

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.7%

JSON

The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie.

Affected configurations

NVD

Node

oldstreetsolutionslive_input_macrosRange<2.11confluence

CPENameOperatorVersion
oldstreetsolutions:live_input_macrosoldstreetsolutions live input macroslt2.11

CPE	Name	Operator	Version
oldstreetsolutions:live_input_macros	oldstreetsolutions live input macros	lt	2.11

References

github.com/l0nax/CVE-2019-15233

marketplace.atlassian.com/apps/1215287/live-input-macros?hosting=server&tab=versions

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.7%

JSON

Related for CVE-2019-15233

nvd1 githubexploit1 prion1 cvelist1